“The Web Attacker Toolkit,” which can be purchased for $15 to $20 exploits unpatched vulnerabilities in Internet Explorer and Firefox. The “smartbomb” virus latches onto the browsers code and then attacks its most vulnerable parts.
Websense says the hacking kit is being used on more than 1,000 websites to put a Trojan horse on susceptible computers. The worm runs in the background so surfers won’t realize their machine is being hacked. According to Websense, the Trojan can log keystrokes, download additional code, or open backdoors.
“It puts a bunch of code on a site that not only detects what browser the victim is running, but then selects one of seven different vulnerabilities to exploit,” Dan Hubbard, senior director of security and research at Websense said. “[This is] depending on how well patched the browser is.”
Interestingly, websites that host the malicious code also include a statistics page that shows “the number of infected clients, percentage of clients that have been infected, and a breakdown by country, operating system, and browser,” says Websense’s security alerts page. One of the bugs compromised 1,773 computers by using a three-year-old flaw in IE.
“Everyone knows they should patch their browsers,” Hubbard said, “but this is further evidence that that’s not happening as much as it should be.”
In its research, Websense has calculated that there have been more than 10,000 successful infections, which registers a 3 to 13 percent overall success rate.