
Tornado exploit kit touches down

The recently discovered Tornado exploit toolkit is one of the most sophisticated toolkits released and may be a precursor of things to come. According to Symantec, it's chilling evidence of how hackers can take advantage of vulnerabilities.

Tornado has actually been out for at least six months. It is unusual for these types of exploit toolkits to have such a low profile, but it appears the people who wrote it have been more discreet than usual, said Alfred Huger, vice president of development at Symantec. The software, however, was only recently released publicly.

“This toolkit itself is set up as a service,” Huger said on Tuesday. “A potential attacker would pay a subscription fee to use a console that can be used to launch attacks on other sites. It will manage your victims for you and can organize a large number of machines that have been compromised.”

The Tornado exploit toolkit appears to target mostly smaller, personal websites by altering the pages. However, Huger admitted that large commercial sites could eventually be attacked as well.

“It infects the websites that exploit vulnerabilities in browsers,” he said.

Huger added that it appears the hackers are using stolen credentials to gain access to these small websites to add malicious code to pages that the site's owner can manipulate himself.

Once infected, the hacker can download malware onto a user's computer and gain the ability to do whatever he wants, from stealing financial information to turning the computer into a bot, researchers said.

The Tornado exploit toolkit is part of a chilling new trend, Huger said.

“This product is very polished, a commercial-grade software package,” he said. “And people are adopting it rapidly.”

