MPack exploit kit creator speaks


Summary: In the interview, presented from multiple IRC conversations and edited/reordered for clarity, SecurityFocus reporter Rob Lemos peeks behind the dark curtain of exploit writing and the lucrative underground market that exists for critical software vulnerabilities.


SecurityFocus.com reporter Rob Lemos has a fascinating interview with one of the developers of MPack, the exploit kit used in thousands of drive-by malware attacks.

In the interview, presented from multiple IRC conversations and edited/reordered for clarity, Lemos does a nice job of peeking behind the dark curtain of exploit writing and the lucrative underground market that exists for critical software vulnerabilities.

Some excerpts from the interview:

On acquiring exploits to fit into MPack:

For our pack, there are two main methods of receiving exploits: The first one is guys sending us any material they find in the wild, bought from others or received from others; the second one is analyzing and improving public reports and PoC (proof-of-concept code). We sometimes pay for exploits. An average price for a 0-day Internet Explorer flaw is US$10,000 in case of good exploitation.

On a possible link with WebAttacker (a similar exploit pack):

I know the WebAttacker team. We are friends. I was talking to WebAttacker's manager recently and he told me that they are going to start the real WebAttacker 2 pack in the near future. Referring to MPack as WebAttacker 2 is a mistake. They are two different projects.

On protecting against MPack exploits:

I would advise you to use the Opera browser with scripts and plug-ins disabled in order not to be caught by the MPack someday.

The entire two-page interview over at SecurityFocus is worth reading.

[ ALSO SEE: MPack exploit kit used in Italian browser attacks ]


Talkback

3 comments
  • Bad Link!

    The link to "entire two-page interview over at SecurityFocus" goes to Ryan's June 18th article "Russian hackers hijack Italian sites to serve exploits", not the SecurityFocus.
    3D0G
    • Here's the correct URL

      http://www.securityfocus.com/news/11476
      3D0G
    • Link fixed

      My apologies.

      _ryan
      Ryan Naraine