Evilgrade: Exploit toolkit pwns insecure online updates

Malcode distribution framework released

A security research outfit in Argentina has released a malcode distribution toolkit capable of launching man-in-the-middle attacks against popular products that use insecure update mechanisms.

The toolkit, called Evilgrade, works in conjunction with man-in-the-middle techniques (DNS, ARP and DHCP spoofing) to exploit a wide range of applications, according to a post on the Metasploit blog.

The first version of the toolkit ships with exploit modules for several widely deployed applications, including Apple’s Mac OS X and iTunes, WinZip, Winamp, OpenOffice and Sun Java.

A demo video provides a scary look at how a sophisticated blended attack can be used to target millions of Windows users.

In the video, Evilgrade uses HD Moore’s recent DNS exploit in tandem with Sun’s Java update mechanism to execute code and hijack a fully patched Windows machine:

[Embedded video: Exploit toolkit pwns insecure online updates]

Exploits are also available for the Linkedin Toolbar, DAP, Notepad++, and Speedbit.

From the Evilgrade README document:

ISR-evilgrade is a modular framework that allows us to take advantage of poor upgrade implementations by injecting fake updates. It works with modules; each module implements the structure needed to emulate a false update of a specific application/system. Evilgrade needs the manipulation of the victim's DNS traffic.
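The README's point is that a fake update is accepted because nothing in the client ties the download to the vendor, so redirecting DNS is enough. The defensive counterpart, as an added example that is not part of the Evilgrade project or the article, is an update client that pins the vendor's signing key and checks the artifact hash against a signed manifest; the Manifest layout and the SignManifest and VerifyUpdate functions are assumed here for illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"encoding/json"
	"errors"
	"fmt"
)

// Manifest is a hypothetical signed update descriptor (layout assumed for this example).
type Manifest struct {
	Version string `json:"version"`
	SHA256  string `json:"sha256"`
}

// SignManifest stands in for the vendor's release pipeline: hash the artifact, then sign the manifest.
func SignManifest(priv ed25519.PrivateKey, version string, artifact []byte) (raw, sig []byte) {
	h := sha256.Sum256(artifact)
	raw, _ = json.Marshal(Manifest{Version: version, SHA256: hex.EncodeToString(h[:])}) // two strings: cannot fail
	return raw, ed25519.Sign(priv, raw)
}

// VerifyUpdate accepts a download only if the manifest signature verifies under the
// key pinned in the client AND the payload hashes to the value in that manifest. A spoofed
// DNS answer can redirect the client, but a rogue server cannot mint a manifest that passes
// the first check without the vendor's private key.
func VerifyUpdate(pinned ed25519.PublicKey, raw, sig, payload []byte) (Manifest, error) {
	var m Manifest
	if !ed25519.Verify(pinned, raw, sig) { // check the signature before parsing untrusted bytes
		return m, errors.New("manifest signature does not verify under pinned key")
	}
	if err := json.Unmarshal(raw, &m); err != nil {
		return m, err
	}
	sum := sha256.Sum256(payload)
	if hex.EncodeToString(sum[:]) != m.SHA256 {
		return m, errors.New("payload hash does not match signed manifest")
	}
	return m, nil
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	raw, sig := SignManifest(priv, "1.2.3", []byte("constructed sample: genuine update"))
	_, err := VerifyUpdate(pub, raw, sig, []byte("constructed sample: swapped-in payload"))
	fmt.Println("swapped payload rejected:", err != nil) // prints true
}
```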

See more in this slide deck (pdf).

[Source: zdnet]
