Researchers find 12 zero day flaws, targeting 5 web malware exploitation kits

Summary: Security researchers from TEHTRI-Security have found 12 zero day flaws targeting 5 of the most common web malware exploitation kits, such as the Neon, Eleonore, Liberty, Lucky and Yes exploitation kits.

Security researchers from TEHTRI-Security have found twelve zero day flaws targeting five of the most common web malware exploitation kits, such as the Neon, Eleonore, Liberty, Lucky and Yes exploitation kits.

Using these flaws could lead to hijacking of the admin panel, retrieval of the admin password, or injection of content into the panel, which would not only disrupt the campaign but could also expose the person behind it, or at least offer invaluable clues.

More details:

According to the group, some of the most widely used exploitation kits are susceptible to the following flaws:

- Vuln in NEON Pack. Permanent XSS+XSRF.
- Vuln in NEON Pack. SQL Injection.
- Vuln in YES Pack. Remote File Disclosure.
- Vuln in YES Pack. Permanent XSS+XSRF admin.
- Vuln in YES Pack. Remote SQL Injection.
- Vuln in Lucky Sploit Pack. Remote control.
- Vuln in Liberty Pack. Permanent XSS+XSRF.
- Vuln in Liberty Pack. SQL Injection.
- Vuln in Eleonore Pack. Another SQL Inject.
- Vuln in Eleonore Pack. XSRF in admin panel.
- Vuln in Eleonore Pack. Permanent XSS.
- Vuln in Eleonore Pack. Remote SQL Inject.

These offensive tactics against cybercriminals are in fact nothing new. However, guess who pioneered the practice? The cybercriminals themselves, allocating time and resources to finding remotely exploitable flaws within popular malware and web malware exploitation kits.

Back in March 2010, security researchers at the Vienna University of Technology were able to extract 33GB of raw crimeware data with ease, thanks to a simple fact: the lack of OPSEC (operational security) on the command and control servers responsible for maintaining the ZeuS crimeware campaigns.

And although they were surprised to find out how easily they could extract the data of the affected customers, they also admitted that it is fairly logical to assume that cybercriminals are doing exactly the same to each other.

Last week, Microsoft, in cooperation with the National Cyber Forensics Training Alliance (NCFTA), launched the Internet Fraud Service Alert.

Basically, the service:

creates a trusted and effective mechanism for participating researchers to report stolen account credentials discovered online – such as username and password log-in information for online services or compromised credit card numbers – to the appropriate institution responsible for that account. Through a centralized alerting system powered by Microsoft technology developed specifically for this program, Internet Fraud Alert will quickly inform companies about compromised credentials, allowing them to take the appropriate action to protect their customers.

The current tactical advantage of the security community is the fact that not all cybercriminals are willing to invest money in purchasing the latest exploitation kit or ZeuS crimeware versions. Just as we see from the perspective of the legitimate user (Does software piracy lead to higher malware infection rates?), this creates a lot of exploitation points.

The bottom line: in order for these offensive tactics against cybercriminals (through the use of zero day flaws, for instance) to start producing actionable results which could drive the growth of the Internet Fraud Service Alert, the security community has to be a step ahead of the cybercriminal attempting to exploit the vulnerable kit of another cybercriminal.

What do you think? Has the time come to go offensive against cybercriminals on a large scale, by exploiting the very same exploitation kits that help them infect hundreds of thousands of people every day?

What should be the main emphasis of the practice? Tracking them down, or contributing to the growth of services such as the Internet Fraud Service Alert, leading to a timely response to cybercrime incidents affecting the customers of the companies participating in the project?

Talkback.

Graph courtesy of BLADE's Evaluation Lab.

Dancho Danchev

About Dancho Danchev

Dancho Danchev is an independent security consultant and cyber threats analyst, with extensive experience in open source intelligence gathering, malware and cybercrime incident response.

Talkback

33 comments
  • Interesting

    It is cool to see the malware operators get poetic justice and have to constantly worry about being attacked. It would be great to see the botnets broken up using the vulnerabilities of the malware against itself.
    sboverie
    • It would be cool to see ZDNet learn something for once.

      Like not to use made-up terms without defining them. How many times do they have to be called on saying "zero day" without saying WTF that's supposed to mean?

      And once they do that, they can start learning how to hyphenate. Oh, and not let users type out comments only to tell them, "Woops! You have to log in again." And by the way, they just blew away your entire comment and disabled the Back button. GJ, jagoffs.
      dgurney
      • RE: Researchers find 12 zero day flaws, targeting 5 web malware exploitation kits

        @dgurney
        I think Zero-day refers to an unpatched vulnerability in software. Something to the effect of finding a hole in a fence, and the entity knowing this hole exists but fails to fix the fence.
        ryanstrassburg
    • RE: Researchers find 12 zero day flaws, targeting 5 web malware exploitation kits

      i use TREND MICRO INTERNET SECURITY IS GREAT ! NO VIRUS NO MALWARE :) hotel alto adige (http://www.tophotelaltoadige.it)
      hotelsudtirol
  • Reminds me of the Shadowrun RPG and novels...

    ... where black ice software would backtrace any intrusion attempt to the source and attempt to destroy it.
    Vulpinemac
  • RE: Researchers find 12 zero day flaws, targeting 5 web malware exploitation kits

    Is it possible to do both, obtain data to prosecute the offenders and attack their operations making it expensive and time consuming to maintain their chosen criminal ventures? I principally lean towards driving them out of operation.
    vsrider@...
  • RE: Researchers find 12 zero day flaws, targeting 5 web malware exploitation kits

    I say, track these scum back to their physical locations, have the police nab them and put on a few very high-profile trials. Make an example out of a few of them and see the rest start to think twice about screwing up our Internet!
    masonwheeler
    • RE: Researchers find 12 zero day flaws, targeting 5 web malware exploitation kits

      @masonwheeler Well the thing is many hackers live outside of the USA and some live in countries that don't have laws against this kind of stuff. So it's hard to get ahold of them to do anything about it.
      Jimster480
  • RE: Researchers find 12 zero day flaws, targeting 5 web malware exploitation kits

    I agree, track them down and prosecute them, but only AFTER pulling out their fingernails, flogging them and rubbing salt in the wounds (and then getting nasty).
    hellnbak
  • This made me smile.

    Awesome! It's nice to see these dumb criminals get nailed with their own tricks. Now if we could just get some steeper penalties and punishments against them...
    wcb42ad
    • Stiffer penalties, etc......

      @wcb42ad

      My thoughts on a stiffer penalty for these criminals is simple; public execution. This ensures an extremely high cure rate. (Hard to commit more crimes when you are DEAD!)
      fatman65535
      • Re: Stiffer penalties, etc....

        @bfilipiak@...
        Given the nature of these crimes, it is all too easy to catch the wrong guy. If the innocent person is dead, the guilty one is still free to carry on.
        A very high risk of getting caught is much more likely to stem the tide.
        hkommedal
    • Re: This made me smile.

      @wcb42ad
      It made me smile too.
      However I think it is generally a lot more efficient to increase the odds of getting caught than it is to get steeper penalties.
      Imagine if the risk of getting caught is 90%; even a 4 day jail sentence where they should have to pay for the food themselves will do the trick.
      hkommedal
  • RE: Researchers find 12 zero day flaws, targeting 5 web malware exploitation kits

    and when the attackers are in hacker friendly countries or are an agent of the country...?
    Eddy-ICUR12
  • RE: Researchers find 12 zero day flaws, targeting 5 web malware exploitation kits

    At the outset, let me thank Microsoft for being at the forefront of this endeavor. I hope the rest of the cyber-community step up to Microsoft's level of support.

    Now to answer the question. I would like to see emphasis on both tracking them and bringing them to justice. Speaking of justice, we need to strengthen the justice system to better deal with giving these creeps their just rewards. Make the punishment fit the crime.
    eargasm
    • RE: Researchers find 12 zero day flaws, targeting 5 web malware exploitation kits

      @windozefreak
      I think a more efficient punishment would be to hack their malware in a way that would empty their account.
      What was taken out of the criminals' account should be used to boost the anti malware.
      The important point is to increase the catching rate.
      hkommedal
    • RE: Researchers find 12 zero day flaws, targeting 5 web malware exploitation kits

      @windozefreak
      Yes Micro$oft saved the world. All hail Micro$oft. All hail the Borg Collective.
      ubiquitous one
  • haha.... fun to spar w/ criminal minds & win!

    Wonder how they like firing a blunderbuss back in their face? :D
    i2fun@...
  • Serves them right

    It's about time. I think someone should just dedicate their time and efforts at tracking down these malware creators and give them a taste of their own medicine.
    Digital Vigilantism
    tbensen@...
    • Re: a taste of their own medicine

      @tbensen@...
      Exactly !
      If they try to get money out of their victims, take their money!
      If they try to cause a DOS, DOS them !
      hkommedal