X
Business

MPack exploit kit creator speaks

In the interview, presented from multiple IRC conversations and edited/reordered for clarity, SecurityFocus reporter Rob Lemos peeks behind the dark curtain of exploit writing and the lucrative underground market that exists for critical software vulnerabilities.
Written by Ryan Naraine, Contributor
MPack exploit kit creator speaks
SecurityFocus.com reporter Rob Lemos has a fascinating interview with one of the developers of MPack, the exploit kit used in thousands of drive-by malware attacks.

In the interview, presented from multiple IRC conversations and edited/reordered for clarity, Lemos does a nice job of peeking behind the dark curtain of exploit writing and the lucrative underground market that exists for critical software vulnerabilities.

Some excerpts from the interview:

On acquiring exploits to fit into MPack:

For our pack, there are two main methods of receiving exploits: The first one is guys sending us any material they find in the wild, bought from others or received from others; the second one is analyzing and improving public reports and PoC (proof-of-concept code). We sometimes pay for exploits. An average price for a 0-day Internet Explorer flaw is US$10,000 in case of good exploitation.

On a possible link with WebAttacker (a similar exploit pack):

I know the WebAttacker team. We are friends. I was talking to WebAttacker's manager recently and he told me that they are going to start the real WebAttacker 2 pack in the near future. Referring to MPack as WebAttacker 2 is a mistake. They are two different projects.

On protecting against MPack exploits:

I would advise you to use the Opera browser with scripts and plug-ins disabled in order not to be caught by the MPack someday.

The entire two-page interview over at SecurityFocus is worth reading.

[ ALSO SEE: MPack exploit kit used in Italian browser attacks ]

Editorial standards