During our investigative research into existing and emerging threats, we tend to make new discoveries. One of the most recent cases involved the discovery of a new toolkit:
k0de Sploit Pack
The phrase at the bottom of the page (“K0de.org Open Source Exploits”) caught our attention, as we wondered how ‘open-source’ this toolkit really was. A quick Google search led us to the third result:
Leaked Message from Exploit Kit Author
The post (or ‘paste’, to use Pastie.org's terminology) contained a leaked message written by the toolkit author on a private hacker forum. It reveals that this new toolkit is just a clone of the popular Eleonore kit with a few modifications:
“As you can see it’s pretty much elenores lay out with a few touch ups & very badly made paint buttons. I’ve only been working on this for 2 hours or so, so please keep that in mind and I plan to add a lot more onto it in the coming days, so keep an eye out for news.”
The author was nice enough to provide us with interesting statistics from his own research:
“Now then, I’ve tested this on 1,000 unique hits from windows PC’s only (Xp, Vista & Win7 only) and I achieved 96 infections from it, that means the rough infection rate is at 9.6%, that is a 3.5% rise from the great Elenore mod posted by Blackdevil. Most of the infections was from MDAC & the IE kit.”
The author then calls upon fellow malware authors for help in re-obfuscating the exploits to ‘fix’ the rising detection rate of the malicious iframe. The author also lists some of the modifications he has made in this toolkit:
“Since I have tested it, the detection of the iframe has risen a lot, so in order to conduct a good test, someone will have to UD the exploits again.
I have also slightly fixed up the chrome & firefox exploits, I’m not 100% sure but they seem to be hitting at least, whereas they used to do nothing.”
In addition to the “open-source” exploit kit, the page contains a long list of anonymous proxy servers near the bottom as well as stolen credit card numbers along with the login credentials of dozens of individuals.
Here’s a screenshot of what it looked like:
Screenshot of Stolen Credentials including CC#'s
We have confirmed that, following our notice, both Google and Pastie.org removed the illegal content before this blog post was published.