Saturday, October 11, 2008

Evilgrade = Pure Evil + Upgrade

I have to give credit to Pauldotcom for doing a tech segment on Evilgrade on the Pauldotcom Security Weekly podcast recently. After hearing about Evilgrade I was interested in gaining more information on how the tool worked.

Evilgrade from Infobyte Security Research is a framework similar to the Metasploit Framework (MSF), except it's specifically designed to exploit software updates. The tool uses a couple of techniques, including DNS manipulation and rogue upgrade servers, to exploit the update services of many applications, including Notepad++ and Java. So you may patch your system against vulnerabilities and at the same time get a little bit extra with your update. That's bad for you but good for an attacker.
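Why an updater that trusts name resolution alone is exposed to this, and what a signature check changes, as an added example that is not from the original post or from Evilgrade. The host name, IP addresses, payloads and the toy RSA key are all constructed for the demo; a real updater would use a vetted signature library and a full-size key.

```python
import hashlib

# Toy RSA key from two Mersenne primes: demo only, far too small for real use.
P, Q, E = 2**61 - 1, 2**89 - 1, 65537
N = P * Q                              # (N, E) is the public key pinned in the client
_D = pow(E, -1, (P - 1) * (Q - 1))     # vendor's private exponent, never shipped

def _digest(payload: bytes) -> int:
    return int.from_bytes(hashlib.sha256(payload).digest(), "big") % N

def vendor_sign(payload: bytes) -> int:
    return pow(_digest(payload), _D, N)

GENUINE = b"editor-5.1-setup (constructed sample)"
ROGUE = b"editor-9.9-setup with extra payload (constructed sample)"

# Constructed in-memory "network": IP -> (installer, signature) served at that IP.
SERVERS = {
    "192.0.2.10": (GENUINE, vendor_sign(GENUINE)),     # vendor's update server
    "198.51.100.66": (ROGUE, vendor_sign(GENUINE)),    # rogue server replaying an old signature
}
HOST = "update.example.test"                           # hypothetical update host
HONEST_DNS = {HOST: "192.0.2.10"}
POISONED_DNS = {HOST: "198.51.100.66"}                 # DNS answer has been manipulated

def fetch(dns: dict, host: str):
    """Resolve the host with the given DNS view and return what that server serves."""
    return SERVERS[dns[host]]

def naive_update(dns: dict) -> bytes:
    """Trusts whatever the resolved host returns; the result would be run as the installer."""
    payload, _sig = fetch(dns, HOST)
    return payload

def verified_update(dns: dict) -> bytes:
    """Accepts the installer only if its signature verifies against the pinned key."""
    payload, sig = fetch(dns, HOST)
    if pow(sig, E, N) != _digest(payload):
        raise ValueError("update signature invalid; refusing to install")
    return payload
```

With the poisoned DNS view the naive updater returns the rogue installer, while the verifying updater raises instead of installing it, because the trust decision no longer depends on which server answered.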

See the demo at your own risk: http://www.infobyte.com.ar/demo/evilgrade.htm

It also looks like Evilgrade will get gobbled up into MSF eventually. MSF is like the Energizer Bunny of "security" tools: it just keeps going, going, going...
