Evil + Upgrade = Evilgrade !!!

The title is quite intriguing and, to be honest, it matches the tool's capabilities! We are talking about the latest creation by Infobyte Security Research (http://www.infobytesec.com/), released to the public under the name Evilgrade (http://www.infobytesec.com/down/isr-evilgrade-Readme.txt). It is an exploitation framework that simulates the update process of several programs well known to ordinary users, and its purpose is to inject malicious software in order to control the remote computer!

In simple words, if a program on Evilgrade's list is installed on a PC and configured to update automatically, then Evilgrade, by calling the appropriate agent, can trick it into installing a backdoor that gives full control of the PC.

The list of modules, each of which handles a particular program, is fairly large (63 in total) and includes the most popular programs an average user works with. Here are some of the best known:

- Teamviewer 5.1.9385
- Ccleaner 2.30.1130
- Notepad++ 5.8.2
- Java 1.6.0_22  winxp/win7
- aMSN 0.98.3
- Appleupdate <= 2.1.1.116 ( Safari 5.0.2 7533.18.5, <= Itunes 10.0.1.22)
- Mirc 7.14
- Windows update (ie6 lastversion, ie7 7.0.5730.13, ie8 8.0.60001.18702)
- Winscp 4.2.9
- AutoIt Script 3.3.6.1
- Google Analytics Javascript injection
- Winamp 5.581
- Nokiasoftware firmware update 2.4.8es - (Windows software)
- Nokia firmware v20.2.011
- BSplayer 2.53.1034
- Apt ( < Ubuntu 10.04 LTS)
- Blackberry Facebook 1.7.0.22 | Twitter 1.0.0.45
- VirtualBox (3.2.8 )
- Filezilla
- Flashget
- Skype
- Trillian <= 5.0.0.26
- VMware

.. and many more! See a sample of how it works to get a taste …

Quite impressive! Those interested in using the program or developing a module of their own will need a good knowledge of Perl. Some information on how to implement a module is provided on the site, though not in much detail, I must say.

Feel free to experiment and let the hacking begin!
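
For defenders, the module list above doubles as an inventory checklist. The Python below is an added example, not code from Evilgrade or from the original post; it checks a software inventory against a few entries copied from that list. The matching rules (a bare version is an exact match, `<=` or `<` is an upper bound, no version means any version), the status names and the sample inventory are assumptions constructed for illustration.

```python
import re

# (product, constraint) pairs copied from the module list on this page.
# An empty constraint means the page names the product without a version.
LISTED = [
    ("Teamviewer", "5.1.9385"),
    ("Ccleaner", "2.30.1130"),
    ("Notepad++", "5.8.2"),
    ("Java", "1.6.0_22"),
    ("Winscp", "4.2.9"),
    ("Trillian", "<= 5.0.0.26"),
    ("Skype", ""),
    ("Filezilla", ""),
]

def vkey(version, width=6):
    """'5.0.0.26' -> (5, 0, 0, 26, 0, 0): numeric, zero-padded, comparable."""
    parts = [int(n) for n in re.findall(r"\d+", version)]
    return tuple(parts + [0] * (width - len(parts)))

def classify(installed, constraint):
    """'match' if the installed version satisfies the listed constraint,
    'review' if the product is listed but with a different version
    (the page does not say whether other versions are affected)."""
    op, listed = re.match(r"\s*(<=|<)?\s*(\S*)", constraint).groups()
    if not listed:
        return "match"
    a, b = vkey(installed), vkey(listed)
    hit = a <= b if op == "<=" else a < b if op == "<" else a == b
    return "match" if hit else "review"

def audit(inventory):
    """inventory: {product: installed version}. Returns statuses for listed products only."""
    index = {name.lower(): c for name, c in LISTED}
    return {name: classify(ver, index[name.lower()])
            for name, ver in inventory.items() if name.lower() in index}

# Constructed sample inventory (not taken from any real host).
SAMPLE_INVENTORY = {
    "Notepad++": "5.8.2",
    "Trillian": "4.2.0.25",
    "WinSCP": "5.21.5",
    "Skype": "8.0",
    "7-Zip": "9.20",
}

if __name__ == "__main__":
    for product, status in audit(SAMPLE_INVENTORY).items():
        print(f"{product:12} {SAMPLE_INVENTORY[product]:10} {status}")
```

Hosts with a `match` are the ones whose automatic update settings and update traffic deserve the first look; `review` entries need a manual check against the full module list.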
