Experts warn of 'Tornado' hacker tool

Powered by SC Magazine
 

Security researchers have discovered a new web-based attack tool which exploits up to 14 browser vulnerabilities and installs malware on the user's system..

Symantec researcher Liam O'Murchu said that 'Tornado' is commonly installed on a server by a single 'administrator', who then offers accounts on the server to other attackers.

The attackers then inject code into other web pages to redirect users to the Tornado server, where the exploit and malware installation is conducted.

"Perhaps this is why the code for this pack has stayed private for so long," said O'Murchu.

"Using this model, the creators of the pack can sell it to a few trusted customers at a higher price, rather than selling it to many untrustworthy customers and risking the code being released in the underground."

Tornado also offers attackers a full set of traffic statistics and options for selecting which exploits can be conducted.

The malware features an option to redirect repeat visitors to a phoney 'account suspended' page.

This helps the tool to evade security researchers who will make repeated visits to infected pages in order to study the exploits and malware in use.

Programs such as Neosploit and MPack offer similar capabilities to set up servers that can conduct multiple exploits against users.

Copyright ©v3.co.uk


 
 
 
Top Stories
Coalition's NBN cost-benefit study finds in favour of MTM
FTTP costs too much, would take too long.
 
Who'd have picked a BlackBerry for the Internet of Things?
[Blog] BlackBerry has a more secure future in the physical world.
 
Will Nutanix be outflanked before reaching IPO?
VMware muscles in on storage startup in hyper-converged infrastructure.
 
 
Sign up to receive iTnews email bulletins
   FOLLOW US...
Latest Comments
Polls
Which is the most prevalent cyber attack method your organisation faces?




   |   View results
Phishing and social engineering
  69%
 
Advanced persistent threats
  3%
 
Unpatched or unsupported software vulnerabilities
  11%
 
Denial of service attacks
  6%
 
Insider threats
  10%
TOTAL VOTES: 643

Vote