The “Web Attacker” Toolkit

The “web attacker” toolkit is a “bundled” hack tool used to quickly upload a series of client side (browser) exploits to a web server. The intent is too lure victims to the now malicious server, identify the web browser in use, and present the browser with the appropriate exploit to infect it with spyware or malware.

Websense Corporation has quite a detailed write up on this attack vector and since it seems to have become the attack method of choice it really warrants a good reading.

Websense Security Labs is seeing large increases in drive-by installations of malicious code that is hosted on websites that are using the Web Attacker Toolkit. When a user visits one of the nearly 1000 sites that are being used to run code without user intervention, a Trojan Horse is downloaded and run. It can log keystrokes, download additional code, or open backdoors on the user’s machine.

The kit is being sold on the Internet for as little as $20 and can be purchased and downloaded from a website hosted in Russia (see http://www.theregister.co.uk/2006/03/27/spyware_diy/). The Web Attacker tool also includes a nice graphical interface and an instructional manual to assist in configuring your server for the exploit. Along with that are details about which anti-virus engines cannot detect it, and how it works.

The kit has the ability to detect the visiting user’s browser through the user agent and will serve one of seven different exploits based on the browser settings. It includes exploits for a number of different browsers and browser versions.

What is also interesting is that the websites that are hosting the malicious code also include a statistics page that shows the number of infected clients, percentage of clients that have been infected, and a breakdown by country, Operating System, and browser.

As you can see from the screenshot below, the percentage of successful infections is quite high. On average we are seeing between 3% and 13% overall success rate. It is also interesting to notice the large number of machines that are not patched for older exploits. The statistics also show a column called “zero-day”. These exploits are not zero-days anymore, because Microsoft has patched them; however, this remains the largest percentage of infections.

There is additional information available at Websenses follow up article and at the Metasploit Blog.

If you ever wondered how you got spyware or malware on your PC and you haven’t installed anything recently that may be the culprit this is how it probably happened.

7 Responses to “The “Web Attacker” Toolkit”

  1. Cyber Jihad

    As Rusty says on The Jawa Report, we are on Al Queda 3.0. AL Queda is not what it was on 9/11. The old Al Queda 1.0 is dead and hiding in a cave somwhere not peeking its head outside.

  2. I visited such a malicious website which Google showed as offering a free software utility. I used the latest version of MIE browser, had my hardware NAT firewall running, and my antivirus program running, PLUS I clicked on NOTHING within the website, and yet, within seconds, the malicious site installed 4 trojans and 1 virus onto my computer and locked up my computer. Attempts to reboot into windows were unsucessful. The computer would boot using SAFE MODE, however, the malicious code had trashed all of the System Restore backups. The results of Web Attack toolkits are REAL, and SCARY. It is cyber terrorism. I thought I had pretty good protection, plus up-to-date Windows Update installations. What is one to do?

  3. hahaha wow im 15 and i know how to get better fire wall and virus protection dude just get it and forget about trojens worms ext mann

  4. I’ve got underwear older than that.

  5. Hey there! Someone in my Facebook group shared this website with us so I came to check it out.
    I’m definitely loving the information. I’m bookmarking and will be tweeting this to my followers! Superb blog and brilliant design.

  6. albo pretorio Says:

    Learn how the firm you’re thinking of employing actions their outcomes. Check with the way that they will make determinations regarding space needs, house selection as well as other matters which can be vital that you you. It is to your advantage to obtain the answers to these queries before you enter into a binding agreement.

  7. You can certainly see your enthusiasm in the work you write.
    Thhe world hopes for more passionate writers such as you who aren’t afraid to mention how they believe.
    At all times follow your heart.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: