Series: Looking through the keyhole – Mpack

March 25, 2009


Mpack is kind of a patriarch to many of the modern crimeware kits, so it is important to know what kicked this whole thing off.

There were many, many versions (0.851, 0.91, 0.80).

Here is a screenshot of an Mpack interface. Here is an excellent overview of its backend components.

Panda also wrote a great writeup on it.

Notice how many of these packs have similar interfaces, reporting and features. There is not much in the way of advanced innovation. They do innovate, however slowly, through evolutionary methods, not revolutionary ones. I would think that if you put real systems engineering design principles behind this you could come up with something way better.

[Image: mpack]

You would think that with the amount of money this stuff pulls in there would be more original development. Then again, it works… so why change?

Once again I will be looking for source to post here for research.

Has anyone determined or done any market share studies about these packs? It would be interesting to see how the market share percentages play out globally and by region.

I would like to originate a new Thought Meme on this called “Malicious Product MarketShare”.

The goal would be to track the evolutionary phases and trends of these packs and their development, the pricing trends, their percentage of market share by region and globally as well as localization and customization.

Additional trends would be the average number of exploits each includes, the inclusion of new features, et cetera.

Here is an earlier version. Apparently it had not been using usernames, just passwords.

[Image: mpack2]

Apparently Finjan, in their research, clearly identifies the users of these services, as shown here in one of their reports.

[Image: crim]

This is a perfect example of implementing my Meme of “Open Source Evidence”. I bet you any amount of money that, 2 years later, these individuals met with no penalty whatsoever due to the international excuse: throwing up our hands and saying what can you do… we don't get cooperation…

Here is what you do, Jackasses. Expose them to the light of day and then see what happens. Do you think that they would be employed by legitimate companies if they are known criminals? Do you think maybe you could expose them to possible physical harm due to them being outed? Do you think they would be employed by the bad guys if they are known to be exposed? If sufficient light is placed on these people they become worthless, due to the fact that they would be potential targets for action, good or bad.
If I was a cyber mob boss and my henchmen were exposed, I would not want to take the risk of having them compromised and roll on me. So the LESSON of the day is: POST TO THE NET FIRST THE EVIDENCE (unredacted and in all its true form and glory). THEN notify the authorities or the providers, if you like, and if it's worth it. Probably not worth it if you ask me.

[Image: mpack22]

[Image: mpack11]

[Image: mpack3]

[Image: mpack8]

[Image: mpack_chinese_01]
