Skip navigation.

State of the art in CRiMEPACK Exploit Pack

| |

CRiMEPACK exploit pack is a widespread and accepted in the crime scene in this area came under the slogan "Highest Lowest rates for the price".

He is currently In-the-Wild 3.0 version is being developed as alpha (the first of this version). That's, is in the middle stage of evaluation, perhaps in the next few days will go on sale in underground forums, at which time it will know your actual cost.

Like any pack exploit, it also consists of a set of pre-compiled exploits to take advantage of a number of vulnerabilities in systems with weaknesses in some of its applications, then download and run (Drive-by-Download & Execute) codes malicious and convert that system into a zombie, and therefore part of the apparatus crime.

And I mean ... "criminal" because those behind the development of this type of crimeware do for this purpose. And judging by the pictures (a washcloth, a handgun, a wallet, money and what appears to be cocaine, own scenario of all mafia) observed in the authentication interface your control panel, this definition is very evident.

The first time I found this package was in 2009, when version In-the-Wild was version 2.1 and later expressed his "great leap" to one of the most popular: version 2.8 (still active) which in early 2010 had incorporated into its portfolio of exploits CVE-2010-0188 y CVE-2010-0806; in addition to adding an iframe generator and function "Kaspersky Anti-emulation", at a cost of USD 400.

In this first stage of the evaluation version 3, CRiMEPACK incorporates a total of 14 exploits, which are:

For all the exploits incorporates a feature that can be enabled or disabled from the control panel called "Aggressive Mode", which is a JAVA Applet that emerge through a pop-up window asking the victim whether to accept potential the applet. If so, reload the payload (the malware).

Furthermore, within the constantly evolving experience this type of crimeware, incorporates self-defensive measures such as avoiding desofuscación scripts and techniques anti Wepawet and Jsunpack.
In addition to automatically check if the domain used is listed in the services:

  • Norton SafeWeb
  • My WebOfTrust
  • Malc0de
  • Google Safe Browsing
  • MDL
  • McAfee SiteAdvisor
  • HpHosts
  • MalwareURL

Brian Kreb few days ago on his blog an article about the implication that this package was in the process of propagation and exploitation of a vulnerability, so far, the type 0-Day through JAVA, and certainly was exploited vulnerability through a class.

However, it was also associated with another exploit pack called SEO Sploit Pack and although it is not the same once more evidence is in complete business processes representing crimeware has a very high demand, offering low-applications costs within a competitive business model ... and increasingly aggressive!

Jorge Mieres

that so-called java 0day is

that so-called java 0day is not 0day. It's been patched for a while. Crimepack customers knew it when the update arrived but have time to profit anyways.

Other packs have been using it for some time too -- the pack authors gave Tavis his credit. Haven't seen SEO pack using it ITW, but haven't been watching it.

CRiMEPACK Exploit Pack

Dear where from i can download these Exploit Packs

1: CRiMEPACK Exploit Pack
2: Siberia Exploit Pack