Evilgrade from Infobyte Security Research is a framework similar to Metasploit Framework (MSF) except it's specifically designed to exploit software updates. The tool uses a couple of techniques including DNS manipulation and rogue upgrade servers to exploit update services of many applications including Notepad++ and Java. So you may patch your system from vulnerabilities and at the same time get a little bit extra out of your update. That's bad for you but good for an attacker.See the Demo at your own risk > http://www.infobyte.com.ar/demo/evilgrade.htm
It also looks like Evilgrade will get gobbled up into to MSF eventually. MSF is like the Energizer battery Bunny of "security" tools, just keeps going, going, going.......
No comments:
Post a Comment