
McAfee: An Analysis of Overflow Vulnerability Exploit Programs

Posted by: Francois Paget  Published: 2010-06-01 16:25:24

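Today's cybercrime frequently exploits vulnerabilities to lay the groundwork for botnets. What follows is a brief analysis of overflow exploit programs by a senior McAfee analyst; readers interested in the topic may find it worth reading.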

Today’s cybercriminals frequently use “exploit packs” to easily snare victims for their botnets. Users with underprotected computers who visit booby-trapped websites become the latest botnet zombies. I often receive requests asking me which exploit packs are current and which vulnerabilities they use.

To answer these inquiries, I’ve created a table that lists the exploits referenced by their Common Vulnerabilities & Exposures (CVE) names and their related kits.

[Image: table of exploits by CVE name and related kits, FP_BLOG_100527_1.jpg]

Looking at this table, we can see that the most up-to-date kit is Crimepack. Version 3.0 alpha is in the wild. In March 2010, Version 2.2.1 was offered for $400.

[Image: FP_BLOG_100527_2.jpg]

Next is the Phoenix Exploit Kit. Its price was around $400 in November 2009.

[Image: FP_BLOG_100527_3.jpg]

The Eleonore exploit pack is another popular tool. It was recently in the news after the hack of the United States Treasury website. In February 2010, Version 1.3.2 sold for $1,200. In July 2009, Version 1.2 went for $700 plus $50 for an encrypter. For $1,500, buyers received a version allowing them to manage the tool through their own domains.

[Image: FP_BLOG_100527_4.jpg]

Next we have Fragus ($800), Yes Exploit Kit, and Siberia. In April 2010, the Yes Exploit Kit Standard Edition sold for $900. For an additional $250, buyers could include an “abuse-immunity” Virtual Private Server for one month and two “abuse-immunity” domains.

In the final four columns you’ll find the oldest common tools, offered from 2006 to 2008: El Fiesta, Icepack, MPack, and WebAttacker.

Original link: http://www.avertlabs.com/research/blog/index.php/2010/05/28/an-overview-of-exploit-packs/