Home » Home Users » Press Center » Subscriptions » Oxygen3 » Oxygen3 File

Weekly summary

"Most writing is done away from the typewriter" Henry Miller (1891-1980), US Writer. (On June 23, 1868, the typewriter is patented)

Madrid, June 23, 2007 - This week highlighted new was published on June 20: PandaLabs has discovered the new 0.90 version of the malicious tool Mpack, available for US$1000 on the Web. This application could be defined as "a kit for installing malware through exploits", as it can detect and download exploits for numerous security holes.

The cyber-crooks even offer one year's free support to those buying this version. Hackers that want to update Mpack with new exploits can buy them for between $50 and $150 per exploit.

The infection process starts with a hacker accessing a web page and adding an iframe reference pointing to the server with Mpack installed. If a user then visits one of these pages, the iframe executes the Mpack index. This then searches for vulnerabilities on the user's computer. If it detects one, it downloads the corresponding exploit.

Other news were:

  • Serious problems in Yahoo! (06/18/07)

    • After the two problems reported in Yahoo! Messenger, a flaw has been detected in Yahoo! concerning XSS handling. A proof of concept has been published which allows Yahoo Mail accounts to be fraudulently used by exploiting this error. An attacker could have complete access to a Yahoo! account simply by tricking the targeted user into clicking on a link.

  • SUSE Linux 9.3 now out of support (06/19/07)

    • Since yesterday, version 9.3 of SUSE Linux has ceased to receive tech support.

  • Updates against infections (06/21/07)

    • The widespread propagation of the "Mpack" exploit installation kit uncovered by PandaLabs has underlined the importance of updates on computers.

  • PandaLabs discovers a new malicious tool allowing hackers to control botnets (06/22/07)

    • PandaLabs has uncovered DreamSystem, a system for controlling several variants of the DreamSocks family of bots. Version 1.3 of this tool, the latest known edition, is being sold on several online forums for around US$750. The price includes free updates to new versions.