SecurityHome.eu WSLabs, Malicious Web site / Malicious Code: New Storm Tactic: Krackin Software

Home / mailings PDF

WSLabs, Malicious Web site / Malicious Code: New Storm Tactic: Krackin Software
Posted on 17 October 2007
Websense Security Lab
Websense® Security Labs(TM) has received several reports of a new Web site that is being distributed in spam sent out by those running the Storm attacks. For more details on the Storm attack, see (http://www.websense.com/securitylabs/blog/blog.php?BlogID=141).

This site poses as a new piece of software called "Krackin v1.2" and advertises:

* Easy to install
* Auto-Virus scanning
* Mobile Source Downloading
* IP Blocking to Prevent Tracking
* Unwanted User Blocking

Users with unpatched computers are automatically exploited. Users with patched computers are prompted to download and run a file called "kracking.exe" This file contains the Storm payload code.

Sample email text:

All the new movies music and more. In one place. The Krackin network.
http://<removed>

Web site screenshot in full alert.

For additional details and information on how to detect and prevent this type of attack:
http://www.websensesecuritylabs.com/alerts/alert.php?AlertID=808

TOP

Mailings :

Last 20

Exploits :

Last 20