To understand the G01pack Exploit Kit, it is necessary to understand two concepts: the exploit kit and the honeypot. To infect a computer with malware, attackers typically exploit vulnerabilities in software or, more rarely, hardware. For example, a known vulnerability in Adobe Flash Player may allow a specially crafted file to execute harmful code on the victim's computer, allowing an attacker to install a virus, worm or Trojan on it. An exploit kit is a hacking tool that attempts to exploit several vulnerabilities simultaneously.

Typically, an exploit kit is installed on a malicious attack website. When a computer user visits this website, the exploit kit attacks the visitor's computer. Redirect scripts, which are designed to force computer users to visit a particular website, have resulted in devastating attacks when paired with attack websites that use exploit kits. While the G01pack Exploit Kit appears to be one of these exploit kits, it may actually be a cleverly disguised honeypot.

Is the G01pack Exploit Kit a Honeypot?

A honeypot, in computer security, is typically a vulnerable computer that is designed to attract an attack. PC security researchers use honeypots to pinpoint the location of criminals and the tactics they use in order to halt their operations. However, it seems that criminals are also setting up their own honeypots to better study and track the tactics used by PC security analysts. The G01pack Exploit Kit seems to be one of these honeypots.

Characteristics of the G01pack Exploit Kit

The G01pack Exploit Kit has been around since January 2013. Apparently, it is not an actual exploit pack but merely a web page set up to look like the login page for a malicious server. One reason it has fooled many PC security researchers into believing that it is an actual exploit kit rather than a honeypot is that the redirect scripts used to direct computer users to its web page are varied, obfuscated and complex, which usually indicates a more sophisticated malware attack. The web page seems to have been designed to gain information on security researchers attempting to log into the false administration panel.


