Hi malware fighters,
Almost one in every six criminal website that steal information or infect visitors
with Trojans, are being made using simple do-it-yourself toolkits. Towards the
end of the year 2005 6% of these kind of sites were produced with software
like "WebAttacker"or the less known “Nuclear Grabber”.
So there is a substantial grow of the lazy-type malcreant.
The software is being sold for prices between 25 and 3000 dollar. Researchers
also found a poll on a website where the makers of WebAttack informed how much
clients thought to spend, over half of them thought to spend between a 100 and 300 dollars.
Toolkits exploit holes and flaws in both IE and FF browsers to either infect systems
or remotely control them. Software is being upgraded on a regular basis to avoid detection from av-scanners.
Besides infecting PCs on the homefront toolkits also infect website-hosting servers. 40% of all malicious sites are hosted on compromitted machines, of wich some run legit wensites. There are numerous clientside-exploits, but also server-side flaws are being exploited on servers.
polonus