Personally I don't even try to count the amount of times I get popups telling me "There is a java update", "There is an adobe update", "There is an xyz update" on my various PCs. There are many mechanisms, for these updates (especially on Windows systems) and as each mechanism is independent, so it is up to the software vendor for each application, how these mechanisms are implemented, and how securely.
Most update mechanisms are fairly basic:
- System checks periodically at a predefined URL
- System checks an index file for anything new at that location
- System downloads updates specified and installs them
Basically, this set of techniques means that attackers can replace the update process, and rather than provide legitimate updates, can install malware of the attackers' choice at the time they choose.
The basic mechanism is to use network hacking techniques typically used for man-in-the-middle attacks (MITM), to substitute an attackers' host for a legitimate download location. For example using; ARP spoofing, DNS Cache Poisoning, DHCP spoofing, TCP hijacking or WAP impersonation. The attackers' system then provides notifications, and updates, in place of the legitimate update service.
This second release of Evilgrade (2.0), released on 27th October 2010, supports many more application update services, including the following:
- Freerip 3.30 - Jet photo 4.7.2 - Teamviewer 5.1.9385 - ISOpen 4.5.0 - Istat. - Gom 2.1.25.5015 - Atube catcher 1.0.300 - Vidbox 7.5 - Ccleaner 2.30.1130 - Fcleaner 1.2.9.409 - Allmynotes 1.26 - Notepad++ 5.8.2 - Java 1.6.0_22 winxp/win7 - aMSN 0.98.3 - Appleupdate <= 2.1.1.116 ( Safari 5.0.2 7533.18.5, <= Itunes 10.0.1.22, <= Quicktime 7.6.8 1675) - Mirc 7.14 - Windows update (ie6 lastversion, ie7 7.0.5730.13, ie8 8.0.60001.18702, Microsoft works) - Dap 9.5.0.3 - Winscp 4.2.9 - AutoIt Script 3.3.6.1 - Clamwin 0.96.0.1 - AppTapp Installer 3.11 (Iphone/Itunes) - getjar (facebook.com) - Google Analytics Javascript injection - Speedbit Optimizer 3.0 / Video Acceleration 2.2.1.8 - Winamp 5.581 - TechTracker (cnet) 1.3.1 (Build 55) - Nokiasoftware firmware update 2.4.8es - (Windows software) - Nokia firmware v20.2.011 - BSplayer 2.53.1034 - Apt ( < Ubuntu 10.04 LTS) - Ubertwitter 4.6 (0.971) - Blackberry Facebook 1.7.0.22 | Twitter 1.0.0.45 - Cpan 1.9402 - VirtualBox (3.2.8 ) - Express talk - Filezilla - Flashget - Miranda - Orbit - Photoscape. - Panda Antirootkit - Skype - Sunbelt - Superantispyware - Trillian <= 5.0.0.26 - Adium 1.3.10 (Sparkle Framework) - VMware
...and I am sure there are many, many more possibilities which could easily be developed on top of this framework.
More information and an installer download of the tools are available from the authors' website at infobyte.com.ar
Take great care when using this application. Use it only for legitimate testing purposes, and do not break the law.
Mitigations
- Limiting the number of applications on corporate laptops to only those required for working
- Deploying software management systems
- Networking protections for typical MTIM attacks
Hey Guys !
ReplyDeleteUSA Fresh & Verified SSN Leads with DL Number AVAILABLE with 99.9% connectivity
All Leads have genuine & valid information
**HEADERS IN LEADS**
First Name | Last Name | SSN | Dob | DL Number | Address | City | State | Zip | Phone Number | Account Number | Bank Name | Employee Details | IP Address
*Price for SSN lead $2
*You can ask for sample before any deal
*If anyone buy in bulk, we can negotiate
*Sampling is just for serious buyers
==>ACTIVE, FRESH CC & CVV FULLZ AVAILABLE<==
->$5 PER EACH
->Hope for the long term deal
->Interested buyers will be welcome
**Contact 24/7**
Whatsapp > +923172721122
Email > leads.sellers1212@gmail.com
Telegram > @leadsupplier
ICQ > 752822040