Malawi News Online

One might think that buying exploit code to create spyware would be sort of expensive. But it's not.

Security software maker Sophos reported that it found a site selling a spyware kit, WebAttacker, for $15. The kit comes with technical support and includes scripts that help automate the establishment of malicious Web sites. Intruders then send out mass mail inviting people to visit the site under various pretenses. When a person does visit, the scripts try to infect the visitor's computer with a Trojan by exploiting a number of known vulnerabilities. The Trojan is typically designed to steal passwords and banking information, or to log keystrokes.

The appearance of cheap kits such as WebAttacker will undoubtedly add to the number of people who turn to crime as a path towards "easy money."

"By simplifying the task of the potential hacker and making it available so cheaply, sites like this one will attract opportunists who aren't necessarily very skilled and turn them into cyber-criminals," said Carole Theriault, senior security consultant at Sophos. "[A]s long as the money continues to flow, there will be interested parties."

I still see things that attack the system, but these viruses and trojans think they are attacking a real system and in fact it is more like a honey pot.
Furthermore, I prevent the local host from being able to see the internet using the firewall and disabling services that are required to make it work on the local host, all while being able to surf even known dangerous sites without worry or concern, because I have taken my focus away from the unsuccessful task of preventing these kinds of attacks and put it on instant recovery instead. I still protect the system in all of the traditional ways, but now I can do whatever I want on the Internet and stick it to the attackers another way. MS needs to build a Virtual PC app into Vista to allow this kind of technique to be used widespread. To me it is the closest thing to being unhackable: since the CD-ROM is read-only, the best they can do to me is wreck my temp .vhd, which I can turn off and patch, then surf again.

A Russian website is selling a spyware kit, called WebAttacker, for approximately ten pounds sterling. The website, which refers to its creators as spyware and adware developers, markets the strengths of its kits, makes the kits available for online purchase and offers technical support to its buyers.

Included in the kits are scripts designed to simplify the task of infecting computers - the buyer need only spam out a message to email addresses, inviting recipients to visit a compromised website. Newsworthy topics are used to lure unwary users. One presents itself as a warning of the deadly H5N1 bird flu virus, providing links to the bogus website, which purports to contain advice on how to protect "you and your family". The other claims that Slobodan Milosevic was murdered and invites users to visit the site for more information. These websites then attempt to download the malicious code remotely onto the user's PC by taking advantage of known web browser and operating system vulnerabilities.

JavaScript code on the infected websites detects the visiting computer's browser version and operating system, including any installed patches, and launches the most appropriate exploit. The exploit downloads a program that attempts to turn off the firewall and install malware, generally a password stealer, keylogger or a banking Trojan. Sophos protection against this threat has been available since 13 March, 2006.

"This type of behaviour is inviting the return of script-kiddies," said Carole Theriault, senior security consultant at Sophos. "By simplifying the task of the potential hacker for a mere tenner, sites like this one will attract opportunists who aren't necessarily very skilled and turn them into cyber-criminals."

Dwight Brown writes about all aspects of spyware at his web blog http://www.Spyware---Remover.blogspot.com