Tornado exploit kit touches down


The recently discovered Tornado exploit toolkit is one of the most sophisticated toolkits released and may be a precursor of things to come. According to Symantec, it's chilling evidence of how hackers can take advantage of vulnerabilities.

Tornado has actually been out for at least six months. It is unusual for these types of exploit toolkits to have such a low profile, but it appears the people who wrote it have been more discreet than usual, said Alfred Huger, vice president of development at Symantec. The software, however, was only recently released publicly.

“This toolkit itself is set up as a service,” Huger told SCMagazineUS.com on Tuesday. “A potential attacker would pay a subscription fee to use a console that can be used to launch attacks on other sites. It will manage your victims for you and can organize a large number of machines that have been compromised.”

The Tornado exploit toolkit appears to target mostly smaller, personal websites by altering the pages. However, Huger admitted that large commercial sites could eventually be attacked as well.

“It infects the websites that exploit vulnerabilities in browsers,” he said.

Huger added that it appears the hackers are using stolen credentials to gain access to these small websites to add malicious code to pages that the site's owner can manipulate himself.

After infection, the hacker can download malware onto a user's computer and gain the ability to do whatever he wants, from stealing financial information to turning the computer into a bot, researchers said.

The Tornado exploit toolkit is part of a chilling new trend, Huger said.

“This product is very polished, a commercial-grade software package,” he said. “And people are adopting it rapidly.”

 
