The Fragus Exploit kit is a newcomer to the market. Improving upon the trend started by authors of such suites as the Liberty Exploit System and the Exp Eleonore Pack, Fragus is a grab bag of exploits for vulnerabilities in multiple software components. Similarities abound among these suites, from which vulnerabilities they exploit, to the layout and handling of the control panel, to the domains and IPs from which they can be downloaded. Liberty and Eleonore are both slightly older exploit kits whose latest versions have been updated to include much of the same functionality and ease of use as Fragus.
For the low price of 800 USD, Fragus is designed to simplify the administration of your bot network. It boasts support for English and Russian, statistical breakdowns of your botnet by browser, operating system (including version), by country, and by what’s euphemistically referred to as your “clients”.
Fragus comes pre-installed and ready to exploit:
MDAC – MS07-009, a vulnerability in MS Data Access Components which can allow remote code execution.
DirectShow – MS09-032, exploits the MS Video (DirectShow) ActiveX Control vulnerability.
Internet Explorer – MS09-002, a critical vulnerability in IE7 that allows for memory corruption and remote code execution.
Spreadsheet – MS09-043, an ActiveX Control vulnerability in MS Office Web Components.
AOL WinAmp – another system vulnerable to an ActiveX Control exploit (CVE-2007-6250).
Snapshot – MS08-041, an exploit targeted at MS Access Snapshot Viewer’s ActiveX Control vulnerability.
Flash – targets an integer overflow vulnerability in Adobe Flash Player (CVE-2007-0071).
For people concerned over spending $800 on an exploit pack only to have its payload identified by antivirus programs, for an extra $150 you will receive a proprietary encryption program specifically designed to evade detection.
Unsurprisingly, many of the domains and IPs at which Fragus is available have at one time or another hosted other sorts of malware, including the Liberty Exploit System, the Zeus trojan, and various other PDF and Flash exploits.
The future of botnet administration is here now… and it sure is easy to use.
For a far more eloquent presentation of the facts, check out Paul Royal’s work at Purewire.