Criminals have increased their attacks on retailer Websites using exploit kits to download data-stealing Trojans on victims' computers. The latest one, "Nice Pack," is not nice at all.
are seeing an uptick in Web attacks driven mainly by malware exploit toolkits
as cyber-criminals attempt to steal credit card information, according to Dell
attacks against retail customers were up 43 percent from January to September, Dell
said Oct. 10. The Dell SecureWorks Counter Threat Unit stopped
91,500 attackers per retail customer in the first nine months of 2011, compared
with 63,581 from April through December 2010.
increase was driven primarily by the popularity of Web exploit kits, according
to Jon Ramsey, Dell SecureWorks' CTO. A new kit, Nice Pack, has already
compromised over 10,000 Websites, according to the report. When unsuspecting
users come to the site, they are silently redirected to a different site that
is hosting the exploit kit, which tries to download malware onto the user's
are more aggressively using the Web as a primary attack vector for both clients
and servers," Ramsey said.
Pack uses a similar attack sequence as the more well-known Black Hold exploit
kit. Attackers use various techniques to compromise Web pages and embed
the code that was used in the recent
compromise of MySQL.com
, which directed users to a site hosting the Black
this point, Nice Pack attempts to install the ZeroAccess Trojan, which is
designed to remain hidden on the infected machine as it gathers confidential
information and ships it off to a remote server. ZeroAccess has some
rootkit-like capabilities that allow it to remain on the system despite
attempts to remove it.
has also been a jump in the number of SQL injection attacks against retailers,
according to Dell SecureWorks researchers. These attacks involve the malicious
perpetrator inserting database commands in a textbox or a form on the Website
and tricking the system into executing the commands when submitted.
this past spring, Rogelio Hackett Jr. pleaded guilty to using SQL injection attacks
to steal account information on 675,000 credit cards and racking up over $36
million in fraudulent transactions.
need to make sure they are keeping up with the latest patches for all servers,
desktops and software as many of the exploit packs take advantage of older
vulnerabilities that have not been closed.