New Storm Tactic: Krackin Software
FYI...
- http://www.websense.com/securitylabs...hp?AlertID=808
October 17, 2007 - "Websense® Security Labs™ has received several reports of a new Web site that is being distributed in spam sent out by those running the Storm attacks. For more details on the Storm attack, see ( http://www.websense.com/securitylabs...php?BlogID=141 ).
This site poses as a new piece of software called "Krackin v1.2" and advertises:
* Easy to install
* Auto-Virus scanning
* Mobile Source Downloading
* IP Blocking to Prevent Tracking
* Unwanted User Blocking
Users with unpatched computers are automatically exploited. Users with patched computers are prompted to download and run a file called "kracking.exe". This file contains the Storm payload code..."
(Screenshot available at the URL above.)
More references - same stuff:
- http://www.disog.org/2007/10/lets-ge...ty-krakin.html
- http://www.f-secure.com/weblog/archives/00001296.html
October 17, 2007 - "...a mere visit to the site using an unpatched system will trigger an exploit to automatically download and execute a malicious file. Patched systems are protected but only if the users do not choose to download the file (with filename krackin.exe) and execute it themselves. The webpage is detected as Trojan-Downloader.JS.Agent.KD while the file is detected as Email-Worm.Win32.Zhelatin.KE. This is one network you wouldn't want to join, so make sure to keep your databases updated."