Here is a kit called .  I will start searching for the or backend code for each of these exploit packs and post them here for security research and analysis. This stuff itself is not dangerous. These are command and control mechanisms to report and monitor botnets.

What IS dangerous is the fact that software and systems do not automatically slipstream vulnerability fixes and patches to their users, which guarantees a time gap that gives malicious users the opportunity to exploit systems.

We really need to start rethinking the concepts of software and challenge our traditional assumptions if we are ever truly going to make progress in this area.



Who coded this, and in what language? What is its current black market price? Is it exploitable?

How prevalent is it, and what kind of market share does it have?

What is its backend db?

Apparently there are many configuration vulnerabilities, such as weak passwords, that can be leveraged to compromise backend components such as the FTP server, which may also be vulnerable.

What web servers are typically used for these packs?  ? ?

Here is a to some other ADpack screens as well as a C&C Interface for running commands.



As you can see above, if you get access to the command and control site you can destroy the system. Reference the UnInstall Me feature. Get System info is a good way of notifying affected organizations. Clearly they don't understand the concept of privileged commands and role-based access control. Nor is each member's campaign usually segregated from other members' campaigns, thus no privacy per se.

Additionally, these kits are like a service, so many users run multiple campaigns. Sounds like STING TIME.

It would be entirely plausible to generate a fake service like this with fake simulated information. Lure them in, identify them, then SMASH THEM.

You could provide fake or previously compromised data stores, and simulate the growth of their botnets. It would be all you need to sow distrust and paranoia into people tempted to get into this line of nefarious work.

Here is what appears to be a localized Russian version of Adpack.


