State of the art in CRiMEPACK Exploit Pack
CRiMEPACK exploit pack is a widespread and accepted in the crime scene in this area came under the slogan "Highest Lowest rates for the price".
He is currently In-the-Wild 3.0 version is being developed as alpha (the first of this version). That's, is in the middle stage of evaluation, perhaps in the next few days will go on sale in underground forums, at which time it will know your actual cost.
Like any pack exploit, it also consists of a set of pre-compiled exploits to take advantage of a number of vulnerabilities in systems with weaknesses in some of its applications, then download and run (Drive-by-Download & Execute) codes malicious and convert that system into a zombie, and therefore part of the apparatus crime.
And I mean ... "criminal" because those behind the development of this type of crimeware do for this purpose. And judging by the pictures (a washcloth, a handgun, a wallet, money and what appears to be cocaine, own scenario of all mafia) observed in the authentication interface your control panel, this definition is very evident.
The first time I found this package was in 2009, when version In-the-Wild was version 2.1 and later expressed his "great leap" to one of the most popular: version 2.8 (still active) which in early 2010 had incorporated into its portfolio of exploits CVE-2010-0188 y CVE-2010-0806; in addition to adding an iframe generator and function "Kaspersky Anti-emulation", at a cost of USD 400.
In this first stage of the evaluation version 3, CRiMEPACK incorporates a total of 14 exploits, which are:
desc="IE6 COM CreateObject Code Execution" CVE-2006-0003
desc="IE7 Uninitialized Memory Corruption" CVE-2010-0806
desc="JRE getSoundBank Stack BOF" CVE-2009-3867
desc="IEPeers Remote Code Execution" CVE-2010-0806
desc="Opera TN3270" CVE-2009-3269
desc="AOL Radio AmpX Buffer Overflow" CVE-2007-5755
desc="Internet Explorer 7 XML Exploit" CVE-2008-4844
desc="Firefox 3.5/1.4/1.5 exploits" CVE-2009-355
desc="Adobe Acrobat LibTIFF Integer Overflow" CVE-2010-0188
desc="OWC Spreadsheet Memory Corruption" CVE-2009-1136
desc="Bundle of ActiveX exploits" CVE-2008-2463
For all the exploits incorporates a feature that can be enabled or disabled from the control panel called "Aggressive Mode", which is a JAVA Applet that emerge through a pop-up window asking the victim whether to accept potential the applet. If so, reload the payload (the malware).
Furthermore, within the constantly evolving experience this type of crimeware, incorporates self-defensive measures such as avoiding desofuscación scripts and techniques anti Wepawet and Jsunpack.
In addition to automatically check if the domain used is listed in the services:
- Norton SafeWeb
- My WebOfTrust
- Google Safe Browsing
- McAfee SiteAdvisor
Brian Kreb few days ago on his blog an article about the implication that this package was in the process of propagation and exploitation of a vulnerability, so far, the type 0-Day through JAVA, and certainly was exploited vulnerability through a class.
However, it was also associated with another exploit pack called SEO Sploit Pack and although it is not the same once more evidence is in complete business processes representing crimeware has a very high demand, offering low-applications costs within a competitive business model ... and increasingly aggressive!