Fighting back against web attacks

[Image: close-up of a sieve (Eyewire). Caption: Many of the malware kits were riddled with holes]

Hi-tech criminals are not very good at securing the tools they use to attack websites, suggests research.

Security experts have found that many of the kits used by cyber criminals are riddled with bugs and vulnerabilities.

Exploiting the bugs might mean that the attack tools can be turned against those using them.

The bugs found by the researchers could be used to identify who is using the tools and even launch a counter-attack.

While some cyber criminals handcraft their own attack tools, many others take advantage of the so-called malware kits that are widely available online.

These programs bundle into one convenient package everything the budding cyber criminal needs to get started.

French computer security researcher Laurent Oudot from Tehtri Security has analysed the inner workings of many of these malware kits to see how secure they are.

Mr Oudot found that many of the kits, which have names such as Neon, Eleonore and Sniper, sport significant loopholes that are relatively easy to exploit.

In a presentation at the SyScan 2010 security conference in Singapore, Mr Oudot released details of 13 separate unpatched vulnerabilities he found in some of the most popular malware kits used to attack websites.

In many cases, said Mr Oudot in his presentation, exploiting these vulnerabilities would allow security researchers to "hack the web hackers".

Using the vulnerabilities would allow people to get more information about attackers, perhaps identify them, steal their tools and methods, or even follow the trail back to an attacker's own computer.

Mr Oudot acknowledged that using the loopholes might "lead to legal issues" but said the research was done to "open new way[s] to think about IT security worldwide".
