Tag Archives: crimepack

The Darkode Cybercrime Forum, Up Close

July 15, 2015

By now, many of you loyal KrebsOnSecurity readers have seen stories in the mainstream press about the coordinated global law enforcement takedown of Darkode[dot]me, an English-language cybercrime forum that served as a breeding ground for botnets, malware and just about every other form of virtual badness. This post is an attempt to distill several years’ worth of lurking on this forum into a narrative that hopefully sheds light on the individuals apprehended in this sting and the cybercrime forum scene in general.

Something Old is New Again: Mac RATs, CrimePacks, Sunspots & ZeuS Leaks

May 16, 2011

One of the biggest challenges in information security — and with security reporting in general — is separating what’s new and worth worrying about from seemingly new threats and developments that really are just old threats repackaged or stubborn facts that get rediscovered by a broader audience. This post represents my attempt to apply that sorting process to several security news headlines that readers have been forwarding my way in the past week, and to add a bit more information from my own reporting.

Crimepack: Packed with Hard Lessons

August 5, 2010

Exploit packs — slick, prepackaged bundles of commercial software that attackers can user to booby-trap hacked Web sites with malicious software — are popular in part because they turn hacking for profit into a point-and-click exercise that even the dullest can master. But one reason I’ve focused so much on these kits is that they also make it easy to visually communicate key Internet security concepts that often otherwise fall on deaf ears, such as the importance of keeping your software applications up-to-date with the latest security patches.

One of the best-selling exploit packs on the market today is called Crimepack, a kit that I have mentioned at least twice already in previous blog posts. In this post, we’ll take a closer look at the “exploit stats” section of a few working Crimepack installations to get a sense of which software vulnerabilities are most productive for Crimepack customers.

Exploiting the Exploiters

June 23, 2010

Most computer users understand the concept of security flaws in common desktop software such as media players and instant message clients, but those same users often are surprised to learn that the very software tools attackers use to break into networks and computers typically are riddled with their own hidden security holes. Indeed, bugs that reside in attack software of the sort sold to criminals are extremely valuable to law enforcement officials and so-called “white hat” hackers, who can leverage these weaknesses to spy on the attackers or interfere with their day-to-day operations.

Unpatched Java Exploit Spotted In-the-Wild

April 14, 2010

Last week, a Google security researcher detailed a little-known feature built into Java that can be used to launch third-party applications. Today, security experts unearthed evidence that a popular song lyrics Web site was compromised and seeded with code that leverages this Java feature to install malicious software.