Chinese Internet Security Response Team (GMT +0800)

ARP Attack Is So Easy

[Post on : November 3, 2007 19:20 | Category : PUP | by : smallmo] Reship : Original

In recent compromised-site cases in China, we have found that more and more hackers use ARP attack tools to infect other machines on the LAN automatically.

These tools are usually downloaded by Trojan-Downloaders. We will walk through an example to show how these tools work.

The following tool is one of the samples we received today. Of course, it was also downloaded by a Trojan-Downloader. It is a WinRAR self-extracting (SFX) archive. We open this file with WinRAR.


We can see several files in this WinRAR SFX archive.

First, the "run.bat" file. Its function is to run "vml.exe", so that an iframe is inserted into the web pages that all machines on the LAN visit.


Second, the "3.vbs" file. This file runs "run.bat".


And last, "vml.exe" and the other files are the ARP attack files.

So it is becoming easier and easier to carry out an ARP attack in China. We think this may be one of the reasons why so many ARP attack cases have appeared in China.



Last modified by smallmo on November 3, 2007 20:08

HEY Says :
May 18, 2009 10:59
Yes, it's easy. I am currently distressed with this problem. Speed is very low that I can barely open a page. And more than 3000+ times attacks per several hours.
GaMes Says :
March 24, 2008 08:56
so easy this script
Tim Says :
January 16, 2008 08:34
I can't understand what you said: it's more and more easy to give an arp attack in China?????


the reason is ?????? just because you can analyse the files?