New WebAttacker Uncovered in the Exploit (under) World

Hi folks,

More interesting events in the exploit (under)world … Last night, our Intelligence Network discovered a new version of WebAttacker, a particularly effective script-kiddie tool. Our users have nothing to fear as we already detect it with our existing signatures, but it's interesting to note the process these guys are following. The driving CGI in this new version is IE0606, which indicates it is intended to be released in June of 2006 (ie today). (The release in January was IE0601, and April’s was IE0604). Fortunately, our Intelligence Network was able to identify it almost immediately upon its release.

The new “feature” in this latest WebAttacker release appears to be the addition of an exploit for MS06-014 (MDAC vulnerability ....
http://www.microsoft.com/technet/security/Bulletin/MS06-014.mspx.)
It seems Microsoft patched this in the April release, so if you're patched, you're probably safe (although Microsoft did update their bulletin on May 11th, so you might want to double-check).

It looks as if the WebAttacker folks also pulled out some of the poorer-performing exploits that were evidently not getting enough victims to make it worthwhile. But this version does still include a sploit for a slightly old Firefox.

Like mainstream software companies, the exploit traffickers are constantly revving their product line in order to stay ahead of competing technology and to increase revenue.

The threat continues to evolve and the engine is fueled by profit…

-Rog