Kuwait, Saudi… and PrIv8 ActiveX ExploiT

We all know Brazilian hackers have mastered the art of creating banking trojans. The Chinese are very fond of password stealers targeting online games. The bad guys do have preferences for what type of malware they are creating based on their geolocation.

Well, I found this exploit source code from a domain named kuwait{removed}.com

The exploit downloads a file named unek.exe, very well known to be an IRC bot.

Looking for other websites using that exploit led me to a lot of pages in Arabic, one of them being a Saudi hacker forum:

The exploit is readily available for download there, and it also shows a custom-made VirusTotal page revealing that no AV was detecting it (this picture reveals the time was around Dec. of last year):

It may be a bit of a stretch to insinuate that this exploit has roots in this region of the world, but nonetheless I found the coincidence worth mentioning.