Series: Looking through the keyhole – SUTRA

March 25, 2009


One may ask: anyone can host a page that carries exploits, so how do attackers manage the sheer scale and scope of the attacks we are seeing today? The answer is sophisticated Traffic Redirectors.

Here is an example of one, called SUTRA. It provides sophisticated reporting and statistics: it monitors the traffic that is redirected by a malicious IFrame placed on a compromised site. The IFrame then redirects the visitor to an exploit page.
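A defender-side check for the injection described above, as an added example that is not part of the original post: it flags iframes in a page that are both invisible to the visitor and served from a different host. The function names, the hidden-size heuristic and the example.* hostnames are assumptions made for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Inline style fragments that make an element invisible to the visitor.
HIDDEN_STYLE = re.compile(
    r"display\s*:\s*none|visibility\s*:\s*hidden"
    r"|(?:^|[;\s])(?:width|height)\s*:\s*[01](?:px)?\s*(?:;|$)", re.I)


def _tiny(value):
    """True for a width/height attribute of 0 or 1 (optionally with px)."""
    return value is not None and re.fullmatch(r"\s*[01]\s*(px)?\s*", value, re.I) is not None


class IframeAudit(HTMLParser):
    """Collects iframes that are both invisible and hosted off-site."""

    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.page_host = urlparse(page_url).hostname
        self.findings = []  # (line number, iframe host, resolved src)

    def handle_starttag(self, tag, attrs):
        if tag != "iframe":
            return
        a = dict(attrs)
        src = urljoin(self.page_url, a.get("src") or "")
        host = urlparse(src).hostname
        hidden = (_tiny(a.get("width")) or _tiny(a.get("height"))
                  or bool(HIDDEN_STYLE.search(a.get("style") or "")))
        # A same-site hidden frame or a visible off-site frame is not reported.
        if hidden and host and host != self.page_host:
            self.findings.append((self.getpos()[0], host, src))


def audit(html, page_url):
    """Return the hidden off-site iframes found in html served at page_url."""
    parser = IframeAudit(page_url)
    parser.feed(html)
    return parser.findings


# Constructed sample page; every hostname and path is a placeholder.
SAMPLE = """<html><body>
<iframe src="/widgets/news.html" width="300" height="200"></iframe>
<iframe src="http://video.example.net/player" width="640" height="360"></iframe>
<iframe src="http://redirector.example.org/go?id=1" width="1" height="1"></iframe>
<iframe src="http://redirector.example.org/go?id=2" style="visibility: hidden"></iframe>
<iframe src="/tracking/pixel.html" width="0" height="0"></iframe>
</body></html>"""
```

Run `audit()` over the HTML your own web server returns and compare the reported hosts against the third parties you actually embed; the check sees only static markup, so frames written by script at load time need a rendered DOM instead.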


SEEKING INTELLIGENCE ON:

Geographic origin of code

Language coded in: CGI, possibly Perl

Black Market price range

Forums it's marketed on: (Forums/IRC?)

Who the authors are?

Exploitable? TBD

Google identifier search strings.

Code derived from? Progeny.

How long it's been in existence?

Number of Versions.

Apparently there are a great many of these Traffic Redirector services, and even market-based exchanges for this traffic.
