As with zero day exploits, in which hackers wait until after Microsoft's Patch Tuesday so they can start afresh and anew on hack Wednesday, it's good to know that some security folks are keeping an eye out for updates on the tools hackers use.
According to this article on InfoWorld that was based on a report by Symantec, an easy-to-use hacker toolkit has been updated to take advantage in a Microsoft's Access database system, ActiveX.
"Further analysis of these honeypot compromises has revealed that the exploit has been added to a variant of the Neosploit exploit kit, it will very likely reach a larger number of victims," said Symantec's report. "As is the case with most of these ActiveX attacks, they are being served by traditional Web sites that have themselves fallen victim to automated SQL injection attacks," Hittel wrote on a Symantec forum. "In the past, we have seen government, commercial, and hobby sites fall victim to these SQL injection attacks and subsequently begin serving exploits to each of their visitors."
Which makes me wonder what the sales pitches are like for these hacker tools...rob and steal and cheat without ever leaving your lair. Become a millionaire overnight with our major Microsoft exploit tool. Actually steal money that's supposed to go to Bill Gates. I mean, what are the cybercrooks gonna do if the hacker-ware doesn't work as planned, sue them?
Leave a comment