Hackers resurrect notorious attack toolkit

Neosploit, thought dead three months ago, behind PDF attacks, researcher says

Neosploit, the notorious hacker exploit kit that some thought had been retired months ago, has not only returned from the dead, but is responsible for a dramatic increase in attacks, a security researcher claimed Thursday.

"Neosploit's back," said Ian Amit, director of security research at Aladdin Knowledge Systems.

The accounts of its demise last summer had been a ruse, he argued. "When you're feeling that kind of heat," Amit said, referring to the attention Neosploit had received from both researchers and authorities, "you want to shake those guys off your back. [The talk about quitting] only helped them go under the radar."

In July researchers at RSA's FraudAction Research Labs said that they had evidence that the creators of Neosploit were abandoning the business. For proof, RSA quoted a going-out-of-business message said to have originated with Neosploit's authors.

Neosploit, which first appeared in 2007, was a follow-on to the earlier MPack, and a contemporary to another infamous exploit kit, WebAttacker. Those kits, Neosploit included, were used by cybercriminals to launch attack code aimed at new vulnerabilities in Windows, Internet Explorer or third-party software such as Apple's QuickTime. But Neosploit also boasted features new to the click-to-attack business, including sophisticated statistical analysis and management tools.

However, even RSA didn't expect the Neosploit group to disband. "This isn't necessarily the end of this group," said Sean Brady, an RSA product marketing manager, in July.

Turns out he was right.

A month ago, researchers at Aladdin started to suspect that the Neosploit developers were back in business. Two days ago, they uncovered hard evidence: A server hosted in Argentina, run by a longtime Neosploit customer, that contained Neosploit 3.1. The build was dated Aug. 9, weeks after Neosploit's makers supposedly threw in the towel.

According to Amit, other data on the server showed that it was catering to 20 users, seven of whom he characterized as "very high volume," who were logging thousands of successful exploits each day from their use of Neosploit.

Those 20 criminals, added Amit, had compromised between 200 and 300 Web sites, which in turn were being used to serve up exploits from Neosploit to any visitor running a system that had not been fully patched. He found evidence of more than a quarter-million successful attacks against PCs carried out by those sites.

"Neosploit's sole purpose is to deliver malicious code to browsers," Amit said, noting that site hacking isn't part of the kit's jobs. Instead, criminals compromise sites through other vulnerabilities or by gaming the site's administrative password. Only then do they modify the hacked site with attack code from Neosploit.

Join the PC World newsletter!

Error: Please check your email address.

Tags hack

Our Back to Business guide highlights the best products for you to boost your productivity at home, on the road, at the office, or in the classroom.

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Gregg Keizer

Computerworld (US)
Show Comments

Essentials

Microsoft L5V-00027 Sculpt Ergonomic Keyboard Desktop

Learn more >

Lexar® JumpDrive® S57 USB 3.0 flash drive

Learn more >

Mobile

Lexar® JumpDrive® S45 USB 3.0 flash drive 

Learn more >

Exec

Lexar® JumpDrive® C20c USB Type-C flash drive 

Learn more >

HD Pan/Tilt Wi-Fi Camera with Night Vision NC450

Learn more >

Lexar® Professional 1800x microSDHC™/microSDXC™ UHS-II cards 

Learn more >

Audio-Technica ATH-ANC70 Noise Cancelling Headphones

Learn more >

Budget

Back To Business Guide

Click for more ›

Most Popular Reviews

Latest News Articles

Resources

PCW Evaluation Team

Azadeh Williams

HP OfficeJet Pro 8730

A smarter way to print for busy small business owners, combining speedy printing with scanning and copying, making it easier to produce high quality documents and images at a touch of a button.

Andrew Grant

HP OfficeJet Pro 8730

I've had a multifunction printer in the office going on 10 years now. It was a neat bit of kit back in the day -- print, copy, scan, fax -- when printing over WiFi felt a bit like magic. It’s seen better days though and an upgrade’s well overdue. This HP OfficeJet Pro 8730 looks like it ticks all the same boxes: print, copy, scan, and fax. (Really? Does anyone fax anything any more? I guess it's good to know the facility’s there, just in case.) Printing over WiFi is more-or- less standard these days.

Ed Dawson

HP OfficeJet Pro 8730

As a freelance writer who is always on the go, I like my technology to be both efficient and effective so I can do my job well. The HP OfficeJet Pro 8730 Inkjet Printer ticks all the boxes in terms of form factor, performance and user interface.

Michael Hargreaves

Windows 10 for Business / Dell XPS 13

I’d happily recommend this touchscreen laptop and Windows 10 as a great way to get serious work done at a desk or on the road.

Aysha Strobbe

Windows 10 / HP Spectre x360

Ultimately, I think the Windows 10 environment is excellent for me as it caters for so many different uses. The inclusion of the Xbox app is also great for when you need some downtime too!

Mark Escubio

Windows 10 / Lenovo Yoga 910

For me, the Xbox Play Anywhere is a great new feature as it allows you to play your current Xbox games with higher resolutions and better graphics without forking out extra cash for another copy. Although available titles are still scarce, but I’m sure it will grow in time.

Featured Content

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?