Evilgrade: Exploit toolkit pwns insecure online updates

Summary: A security research outfit in Argentina has released a malcode distribution toolkit capable of launching man-in-the-middle attacks against popular products that use insecure update mechanisms. The toolkit, called Evilgrade, works in conjunction with man-in-the-middle techniques (DNS, ARP and DHCP spoofing) to exploit a wide range of applications, according to a post on the Metasploit blog.

Malcode distribution framework released
A security research outfit in Argentina has released a malcode distribution toolkit capable of launching man-in-the-middle attacks against popular products that use insecure update mechanisms. The toolkit, called Evilgrade, works in conjunction with man-in-the-middle techniques (DNS, ARP and DHCP spoofing) to exploit a wide range of applications, according to a post on the Metasploit blog. The first version of the toolkit ships with exploit modules for several widely deployed applications, including Apple's Mac OS X and iTunes, WinZip, Winamp, OpenOffice and Sun Java. A demo video provides a scary look at how a sophisticated blended attack can be used to target millions of Windows users. In the video, Evilgrade uses HD Moore's recent DNS exploit in tandem with Sun's Java update mechanism to execute code and hijack a fully patched Windows machine:


Exploits are also available for the LinkedIn Toolbar, DAP, Notepad++, and Speedbit. From the Evilgrade README document:
ISR-evilgrade: is a modular framework that allows us to take advantage of poor upgrade implementations by injecting fake updates. It works with modules; each module implements the structure needed to emulate a false update of specific applications/systems. Evilgrade needs the manipulation of the victim's DNS traffic.
See more in this slide deck (pdf).
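As an added illustration (not code from the article or from the Evilgrade project), this is the client-side check that defeats the class of attack described above: the updater verifies a publisher signature, under a key pinned in the client, over the manifest and the payload hash before installing anything, so a spoofed DNS answer that steers it to a rogue update server yields nothing it will accept. The key pair, manifest fields, URLs and payload are constructed placeholders.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
)

// Manifest is a constructed update descriptor; Sig covers the other three fields.
type Manifest struct {
	Version, URL, SHA256Hex string
	Sig                     []byte
}

// signedBytes is the exact byte layout the signature covers.
func (m Manifest) signedBytes() []byte {
	return []byte(m.Version + "\n" + m.URL + "\n" + m.SHA256Hex)
}

// SignManifest is the vendor's offline step: hash the payload, sign the manifest.
func SignManifest(priv ed25519.PrivateKey, version, url string, payload []byte) Manifest {
	sum := sha256.Sum256(payload)
	m := Manifest{Version: version, URL: url, SHA256Hex: hex.EncodeToString(sum[:])}
	m.Sig = ed25519.Sign(priv, m.signedBytes())
	return m
}

// VerifyUpdate is the client-side gate. With the publisher key pinned in the client,
// a DNS/ARP/DHCP-spoofed redirect to a rogue server cannot produce a manifest or
// payload that passes here, whatever version the fake update claims to be.
func VerifyUpdate(pinned ed25519.PublicKey, m Manifest, payload []byte) error {
	if !ed25519.Verify(pinned, m.signedBytes(), m.Sig) {
		return errors.New("manifest signature invalid: update rejected")
	}
	sum := sha256.Sum256(payload)
	if hex.EncodeToString(sum[:]) != m.SHA256Hex {
		return errors.New("payload hash differs from signed manifest: update rejected")
	}
	return nil
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader) // constructed vendor key pair
	payload := []byte("constructed genuine update bytes")
	m := SignManifest(priv, "1.2.3", "https://updates.example/app-1.2.3.bin", payload)
	m.URL = "http://rogue.example/app-1.2.3.bin" // rogue server re-pointing the download
	fmt.Println(VerifyUpdate(pub, m, payload))   // manifest signature invalid: update rejected
}
```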

Topics: Networking, Browser

About

Ryan Naraine is a journalist and social media enthusiast specializing in Internet and computer security issues. He is currently security evangelist at Kaspersky Lab, an anti-malware company with operations around the globe. He is taking a leadership role in developing the company's online community initiative around secure content managem...
