Recently, there is a Russian web site discovered that sells a spyware kit, called WebAttacker, for a price of approximately RM 80+. This site, which refers to it’s creators as “spyware and adware developers”, markets the kits by strength and sells them online, along with technical support for buyers.
Included in the kits are scripts desgined to simplify the task of infecting computers – the buyer need only spam out a message to email addresses, inviting recipients to visit a compromised web site.
Samples found in Sophos’s network of monitoring stations use newsworthy topics to lure unwary users. One presents itself as warning of the H5N1 bird flu virus, providing links to the bogus site. Another claims that Slobodan Milosevic was murdered and invites users to visit the site for more information. These sites then attempt to download the malicious code remotely on to the user’s PC by taking advantage of known browser and operating system vulnerabilities.
“This type of behaviour is inviting the return of script-kiddies,” said Carole Theriault, senior security consultant at Sophos. “By simplifying the task of the potential hacker for a mere tenner, sites like this one will attract opportunists who aren’t necessarily very skilled and turn them into cyber criminals.”