MPack - v0.91 now rated as More Dangerous - Security Protection

Common Tasks

Community

Email Notifications

Personal Links

Security Protection - Harry Waldron (CS)

Security Best Practices, Breaking News, & Updates

MPack - v0.91 now rated as More Dangerous

MPack is a "malware development package", which allows rapid and easy-to-develop construction of web based attacks (e.g., PHP scripts, exploits). A new version has surfaced which offers increased capabilities as noted by Symantec:

MPack - v0.91 now rated as More Dangerous
http://www.symantec.com/enterprise/security_response/weblog/2007/08/mpack_getting_more_dangerous.html

quote:

Some of the key enhancements in the new version include:

1. The exploits include the existing ones present in v0.84.
2. There have been some changes to the management and reporting interface.
3. Some additional files are a part of the installation to ensure authentication.
4. Mpack has also introduced some more encryption and obfuscation to increase the detection complexity.
5. There are some modifications in the Mpack loading pages (ability to target specific countries)

MPack toolkit v0.91 also comes with a legal disclaimer: Mpack is created solely for test purposes. You are prohibited to use it in conditions violating local or international laws. Authors hold no responsibility for any damage, direct or indirect, caused by usage of this software.

Symantec's analysis of v0.86
http://www.symantec.com/enterprise/security_response/weblog/2007/05/mpack_packed_full_of_badness.html

What is MPACK?
http://isc.sans.org/diary.html?storyid=3015
http://www.securityfocus.com/news/11476

quote:

In June 2006, three Russian programmers started testing a collection of PHP scripts and exploit code to automate the compromise of computers that visit malicious Web sites. A year later, the MPack kit has become an increasingly popular tool, allowing data thieves and bot masters to take control of victims' systems and steal personal information. The MPack infection kit has been blamed for hundreds of thousands of compromised computers. And, it's malicious software with a difference: The creators have offered a year of support to those clients from the Internet underground who purchase the software for anywhere from $700 to $1,000.

Posted: Aug 17 2007, 08:42 PM by Harry Waldron | with no comments

Questions? Contact Susan at Susan-at-msmvps.com. Each post's copyright held by the original author. All rights reserved. Blog site is an independent site not sponsored by Microsoft.
Our servers would like to thank www.ownwebnow.com and www.exchangedefender.com. We wouldn't be here without the generosity of Vlad Mazek and his companies.

Powered by Community Server (Commercial Edition), by Telligent Systems

Theme based on the Paperclip Blog Theme included in Community Server.
Enhanced to a Site-Wide Theme by Interscape Technologies.