Saturday, October 11, 2008

Evilgrade = Pure Evil + Upgrade

I have to give credit to Pauldotcom for doing a tech segment on Evilgrade on the Pauldotcom Security Weekly podcast recently. After hearing about Evilgrade I was interested in gaining more information on how the tool worked.

Evilgrade from Infobyte Security Research is a framework similar to Metasploit Framework (MSF) except it's specifically designed to exploit software updates. The tool uses a couple of techniques including DNS manipulation and rogue upgrade servers to exploit update services of many applications including Notepad++ and Java. So you may patch your system from vulnerabilities and at the same time get a little bit extra out of your update. That's bad for you but good for an attacker.

See the Demo at your own risk >

It also looks like Evilgrade will get gobbled up into to MSF eventually. MSF is like the Energizer battery Bunny of "security" tools, just keeps going, going, going.......

No comments:

Post a Comment