July 28th, 2008

Evilgrade: Exploit toolkit pwns insecure online updates

Posted by Ryan Naraine @ 11:07 am

Categories: Arbitrary Code Execution, Botnets, Browsers, Complex Attacks, Data theft, Exploit code, Java, Malware, Metasploit, Patch Watch, Pen testing, Phishing, Responsible disclosure, Zero-day attacks

Tags: DNS, Toolkit, Evilgrade README, Domain Names, Networking, Internet, Ryan Naraine

A security research outfit in Argentina has released a malcode distribution toolkit capable of launching man-in-the-middle attacks against popular products that use insecure update mechanisms.

The toolkit, called Evilgrade, works in conjunction with man-in-the-middle techniques (DNS, ARP and DHCP spoofing) to exploit a wide range of applications, according to a post on the Metasploit blog.

The first version of the toolkit ships with exploit modules for several widely deployed software packages, including Apple's Mac OS X and iTunes, WinZip, Winamp, OpenOffice and Sun Java.

A demo video provides a scary look at how a sophisticated blended attack can be used to target millions of Windows users.

In the video, Evilgrade uses HD Moore's recent DNS exploit in tandem with Sun's Java update mechanism to execute code and hijack a fully patched Windows machine.

Exploits are also available for the LinkedIn Toolbar, DAP, Notepad++, and Speedbit.

From the Evilgrade README document:

ISR-evilgrade is a modular framework that allows us to take advantage of poor upgrade implementations by injecting fake updates. It works with modules; each module implements the structure needed to emulate a false update of a specific application or system. Evilgrade needs the manipulation of the victim's DNS traffic.

See more in this slide deck (pdf).
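To make the attack path concrete, here is an added Python model (not code from the article, the Metasploit post or Evilgrade itself) of an update client that installs whatever the host named in its DNS answer returns, beside a client that first verifies a vendor signature over the payload. The hostname, payload strings and key material are all constructed for this example; the textbook RSA with two Mersenne primes stands in for a real signing scheme only to show where verification breaks the redirect, and is not fit for any real use.

```python
"""Model of the Evilgrade precondition: the victim's DNS answer for the
vendor's update host is spoofed, so the client talks to the attacker.
Constructed example; the RSA below is a toy with small primes."""
import hashlib

# --- Vendor key material (toy RSA; for illustration only) ---------------
P = 2**31 - 1            # Mersenne primes, so N is certainly a product of
Q = 2**61 - 1            # two primes; far too small for real use
N = P * Q
E = 65537                # coprime to (P-1)(Q-1)
D = pow(E, -1, (P - 1) * (Q - 1))   # private exponent (Python 3.8+)


def _digest_int(data: bytes) -> int:
    """Reduce SHA-256 of the payload into the toy RSA group Z_N."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % N


def sign(payload: bytes, d: int = D) -> int:
    """Vendor-side signing. The attacker never holds d."""
    return pow(_digest_int(payload), d, N)


def verify(payload: bytes, signature, e: int = E) -> bool:
    """Client-side check against the pinned public key (N, E)."""
    if signature is None:
        return False
    return pow(signature, e, N) == _digest_int(payload)


# --- Constructed network: what the victim's lookup returns ---------------
GOOD_UPDATE = b"vendor-product-2.0.1.bin"       # constructed payload
EVIL_UPDATE = b"evilgrade-fake-update.bin"      # constructed payload
UPDATE_HOST = "update.vendor.example"           # hypothetical hostname


class UpdateServer:
    def __init__(self, payload: bytes, signature=None):
        self.payload, self.signature = payload, signature

    def fetch(self):
        return self.payload, self.signature


VENDOR = UpdateServer(GOOD_UPDATE, sign(GOOD_UPDATE))
# The attacker's host serves its own payload. It can replay a signature it
# saw on the wire, but cannot produce one for EVIL_UPDATE without D.
ATTACKER = UpdateServer(EVIL_UPDATE, VENDOR.signature)


def resolve(hostname: str, dns_poisoned: bool) -> UpdateServer:
    """Stand-in for the victim's DNS lookup. With DNS/ARP/DHCP spoofing in
    place, the vendor's name resolves to the attacker's box."""
    if hostname == UPDATE_HOST and dns_poisoned:
        return ATTACKER
    return VENDOR


def vulnerable_update(dns_poisoned: bool) -> bytes:
    """Insecure mechanism: plaintext fetch, install whatever comes back."""
    payload, _sig = resolve(UPDATE_HOST, dns_poisoned).fetch()
    return payload                      # "installed" unconditionally


def hardened_update(dns_poisoned: bool):
    """Same fetch, but install only if the vendor signature verifies.
    Returns the payload on success, None when the update is rejected."""
    payload, sig = resolve(UPDATE_HOST, dns_poisoned).fetch()
    return payload if verify(payload, sig) else None


if __name__ == "__main__":
    print("vulnerable client, DNS spoofed ->", vulnerable_update(True))
    print("hardened client,   DNS spoofed ->", hardened_update(True))
    print("hardened client,   DNS clean   ->", hardened_update(False))
```

The point of the split is that DNS, ARP or DHCP spoofing only decides which host the client talks to; a client that verifies a signature under a key pinned in the installed software does not care which host that is, while one that trusts the transport alone installs the attacker's file. Transport security (TLS with proper certificate validation) closes the same gap in a different place; the redirect still happens, but the connection to the attacker's host fails.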

Ryan Naraine is a journalist and security evangelist at Kaspersky Lab. He manages Threatpost.com, a security news portal. Here is Ryan's full profile and disclosure of his industry affiliations.
