A hacking toolkit that enables allow cyber criminals to subvert computers and more effectively evade detection is responsible for compromising thousands of machines last month, according to Yuval Ben-Itzhak, CTO of security company Finjan. In December 2007, Finjan identified more than 10,000 Web servers infected with a malicious hacking kit called “random js toolkit.” In June, the company found an average of 30,000 newly infected malicious Web pages every day — the result of “random js tookit” — and the company claims the situation is much worse today.
Ben-Itzhak said the hacking kit is particularly difficult to deal with because it has been designed to hide from computer security researchers and security software. The malicious software stores the IP addresses of Web crawlers — used by search engines and security companies to analyze Web pages — so it can identify them and serve them clean content. Visitors determined to be real people get malware.
The kit generates one-time use random URLs to prevent malicious Web pages from being blacklisted or analyzed by security researchers. And its infectious scripts are also dynamic, appearing to a new visitor and then never again.
Hack, Hacking, Toolkit, Web, Server, Web Servers, Web Pages, Malicious, Code