A russian company has posted a “Smartbomb” toolkit that allows people to post websites to exploit recent vulnerabilities in Internet Explorer and Firefox. Websense Security Labs managed to capture some screenshots of the admin panel for these sites. You can see them throughout this post. For a mere $15-$20, script kiddies can download the software and set up an exploit site, complete with a nice admin console. Just a reminder, if you haven’t done a windows update, or don’t have it set to automatic, go ahead and do so. Also, make sure your Firefox is up to date.
…
You can see that the software seeks to exploit issues fixed by MS patches MS03-11,
MS04-013, MS05-020, and MS06-006, and a 0-day exploit. Actually the zero day exploit (so named because they are exploits that have just been discovered, and, as such, haven’t been patched yet) is a collection of exploits that have already been patched by MS. Once the machine is exploited, the website performs a “drive-by” installation of a trojan. This is where a trojan is loaded onto your machine, without you doing a thing, except visiting the mailicious website. The trojan could be a keylogger(reports key strokes to the hacker), open a backdoor(for future exploitation), or target banking. The best thing to do is make sure you’re patched.
[tags]Web Attacker exploit,Web Attacker toolkit,security,hacking,spyware[/tags]
If you would like to make a comment, please fill out the form below.
Recent Comments