back to article MPack developer on automated infection kit

In June 2006, three Russian programmers started testing a collection of PHP scripts and exploit code to automate the compromise of computers that visit malicious websites. A year later, the MPack kit has become an increasingly popular tool, allowing data thieves and bot masters to take control of victims' systems and steal …


This topic is closed for new posts.
  1. Dave Harris

    Just creating ammunition?

    What bullshit. These scum are, IMNSHO, directly responsible for huge amounts of misery - and in some cases suicides - worldwide. The money that they make comes indirectly from those victims. I sincerely hope they get caught - and then put up against a wall. It won't happen, but one can dream.

  2. Anonymous Coward
    Anonymous Coward

    Advertisement for Opera

    Opera should take this article and post it as an add on their website ;-)

  3. Anonymous Coward
    Anonymous Coward

    re: Advertisement for Opera

    Of course anyone taking security advice from someone like this deserves all they get.

    /uninstalls opera

  4. Anonymous Coward
    Anonymous Coward

    Why is this stuff legal?

    What purpose can this stuff be used for, other than to aid and abet the committing of a crime?

    They are enabling a form of terrorism, albeit without the violence but with exactly the same aims as their more violent cousins.

    These people very urgently need their premises raided, confiscating anything that could lead to the detection and imprisonment of the other criminals that they are assisting

  5. Robert Hirst

    re: Just creating ammunition?

    @Dave Harris

    So if ammo makers are to blame for how the product is used, and you get your wish and they are all stood lined the up against the wall, what are you going to do then? Tickle them to death?

  6. Anonymous Coward
    Anonymous Coward

    RE:Just creating ammunition?

    Well I disagree with the first sentence of the first poster, afterwards I agree with his sentiment. But it is true they are just making ammunition, just like the guys how work at companies designing, building, shipping etc, of landmines, cluster bombs, biological and chemical weapon delivery systems (even thought US has signed and ratified a treaty not to, they are still pantenting chemical weapon delivery systems - check project sunshine) So yeah the're scum and they affect me a lot more directly then ammuntion manufacturers, but the guys who make landmines have done a lot more and continue to do a lot more damage to more people then these bozos ever will.

  7. Anonymous Coward
    Anonymous Coward

    Re: What purpose?

    Agreed--- hugely illegal, unethical, etc. However, now that the genie's out of the bottle, there's nothing we can do by try to keep up with countermeasures. If a vulnerability exists, it *will* be exploited-- that's a basic fact of human behavior, regardless of the system, be it a computer, a bank, a high school exam, whatever.

    For one, I'm glad that hackers/crackers exist and continue their dastardly work, because they do provide a crucial service; that is, finding faults in common consumer products and highlighting those faults in a very public way, which more than overcomes the marketing material of the companies that produce said products.

    Also, now that these exploits are "wild," they've given the world at large great weapons to use against their oppressive governments and social agencies. Much like firearms (and I'm an American here, obviously), I feel much more comfortable if I can have them as well as my government, rather than just the government's evil Dr. Strangelove types figuring these things out, then sitting on them, and using them against their own populace.

  8. Dillon Pyron


    Ammunition has many legitimate uses. What they are producing has none. Why does he have to hide if they aren't doing anything that harms others? OTOH, if the Russian government was actually interested in catching them the FSB would have had them a long time ago.

  9. Anonymous Coward
    Anonymous Coward

    I smell a subpoena

    Even though they have only stretched their neck out a nbit for the interview, it is recognition like this and other efforts to feel famous that will ultimately lead to getting caught. No matter how 'secure' they think they are from global law enforcement, in this day and age, it is next to impossible to hide all together.

    I do find the interview interesting but i don't think El Reg or anyone else is helping the situation by giving these children a platform so they can flick their nose at those of us in IT. It is a good look at what goes on in the minds of a group like this but if you mess with the global enconomy in any way, directly or indirectly stealing data or causing corporate IT problems, you are asking for that target to be placed square on your back.

  10. Alan Donaly

    It's same old game

    It's just software deal with it.

  11. Anonymous Coward
    Anonymous Coward


    >>They are enabling a form of terrorism, albeit without the violence but with exactly the same aims as their more violent cousins.


    1. The deliberate commission of an act of violence to create an emotional response from the victim in the furtherance of a political or social agenda.

    2. Violence against civilians to achieve military or political objectives.

    3. A psychological strategy of war for gaining political or religious ends by deliberately creating a climate of fear among the population of a state.

    You are an idiot.

  12. Richard Kay

    Re: Why is this stuff legal?

    If you use tools to check whether your own systems (or those of a customer who authorised you to test them) are secure, these tools and your use of them is legal. (In the UK and countries with similar laws). If you acquire or use tools to break into someone else's systems without their consent this stuff is not legal. The difference is in the intent - the state of mind of the person using them. Same idea if you are carrying a knife on your way to work as a chef or to carry out a robbery; The courts have to figure out the difference.

    It's a very bad idea to make tools which professional penetration testing consultants need to do their job available to criminals but not available legally to those who might otherwise be able to help secure systems against them. The same applies to forensics investigators and legal expert witnesses - who also need to understand the tools used by bad guys in order to do their job in getting the bad guys locked up.

    In practice you also can't learn about some aspects of computer security beyond a certain level without using tools with potentially bad effects. You can only do this ethically within a controlled system environment which you set up and can clean up yourself. As an educator in this area I need to be able to do this. If one of my enrolled fee-paying students wants me to supply a computer virus for experimental and learning purposes, they have to first convince me that they are capable of setting up a closed environment in which they can objectively study the virus' behaviour and from which it isn't likely to escape.

  13. Anonymous Coward
    Anonymous Coward

    It is their job

    I think that it is their job. Just job. This threat makes millions of money for AntiVirus industry, is't it ? specially for USA companies.

    I am from Russia. Our government is not interested for cautching them because they do not do much harm to Russia users (You have to know that MPack is used to infect users from rich countries (USA, Europe ...). ) and russian specialists is not on the same level of computer education as computer gurus.

    And even they are caught, Russia hardly will give them to other countries, (as Lygovoi ).

    and I advertise you also to use Opera.

  14. Anonymous Coward
    Anonymous Coward


    "These scum are, IMNSHO, directly responsible for huge amounts of misery - and in some cases suicides - worldwide."

    Suicide due to web attack? Has this been proven?

    Attitudes such as those displayed in this comments thread are - as well as hilarious - one of the reasons that the world is the way it is.

    Points have already been made about landmines and munitions. And no, landmines and AP rounds, missile guidanmce systems and the like do NOT have legitimate uses, unless you want to do the usual US of A bullyboy thing and say they're for 'defence' - ask afghanistan and Iraq about 'defence agenda' and how it works.

    Like two sensible posters say: it's just software, and these guys are just doing a job. They do not produce the demand for these apps, and to compare this with terrorism, 'real world crime', heroin distribution or the sex industry is frankly minbogglingly hilarious.

    And for the record, I hate black hats too - so what? Line them up against a wall and shoot them? Isn't that the approach of your average terrorist?

    Oh I forgot, taxpayers in western countries are not terrorists nor do they subscribe to or pay for terrorist activities. We're all "legal".

This topic is closed for new posts.