Off the Shelf Malware with 1 Year Technical Support!

It’s common knowledge within the security industry that you can hire hackers, hire out the use of botnets and even buy zero day exploits, malicious scripts and viruses, but what surprised me recently, is that you can buy packaged Malware, which even comes with technical support. Recently one such package, MPack, a PHP malware kit put together by Russian hackers has been causing problems. MPack can be bought for £500 ($1000), and includes a year of technical support and options of purchasing extra exploitation modules. MPack exploits the latest vulnerabilities in M$ Windows web browsers; oh it is browser aware as well, so Opera and FireFox won’t save you. For the most part an infected MPack website scans your browser and OS for security flaws, and if it finds any it exploits them, as well as storing stats about your system for future reference. The fact the MPack product can be regularly updated by the hackers producing it, is its greatest danger, as it means it can stay ahead of Anti Virus products signature updates (i.e. undetected by Anti Virus) and use the latest discovered zero day exploits.

MPack has been around since December 2006 and has been used to infect completely legitimate websites, most notable in Europe, where Italy’s largest website hosting companies had been infected and MPack embed within legitimate websites, which attacked any computer visiting the infected website. It is believed hundreds and thousands of users were affected by the Italian attack alone.

If you want to stay protected, I suggest keeping your OS Patches and AV signatures up-to-date. Although legitimate websites have been hit by this, I wager the MPack product will be and is being used on “no so legitimate” websites.