Report Underscores Global Impact of the Attack Kit Business
Altogether M86 Security Labs investigated more than 25 attack kits, many of them in Russian, such as Crimepack, WebAttacker, MyPolySploit, XCore, UniquePack, LuckySploit, Yes Toolkit, Liberty, Fiesta, Eleonore and more. One of the most expensive attack kits found was LuckySploit at over $1000 USD, with most in the $400-$1000 USD range, and some selling for as little as $100 USD.
"Exploit kits have changed the cybercrime industry in a very short period of time," said Bradley Anstis, vice president of technology strategy, M86 Security. "People can launch attacks without even knowing a line of code, and the infrastructure now exists to pay the attacker per exploit achieved. With an attack kit there is literally 'an app for that' and it is driving the explosive growth in Internet-borne threats such as spam and zero-day attacks with new kits popping up every day. This latest research report details the anatomy of these kits, providing insight into the evolution and the skyrocketing increase in the number of attacks."
Creators of exploit kits can make money by offering various services, such as:
- The sale of exploit kits for a flat fee
- The purchase of an obfuscator replacement for an additional fee (to prevent anti-virus software from recognizing malicious code)
- Extra cost to cover any new hosting domain installations (in the event the current domain is discovered and becomes blacklisted by security vendors)
- Simply adding new exploits to increase the successful exploitation rate
Users of exploit kits have many ways of making money as well. Pay-Per-Install (PPI) programs are one example where the criminals are paid for installing third-party malware. In this case, the exploit kit operator finds a suitable PPI program and becomes an affiliate earning money for each successful install.
Most kits provide a different set of exploits for different browsers, from the antiquated MDAC exploit for Internet Explorer 6 to the infamous PDF exploits printf, collectEmailInfo and getIcon, which affect the vast user base of Adobe Acrobat/Reader, and an increasing number of Flash and Java class vulnerabilities. The most successful exploitations are zero-day exploits. Most often, the exploit kit creators continually update the set of exploits included in their product to maintain a high exploitation rate.
In the latest M86 Report, an FS Pack Admin Console shows 5,032 successful installs for the day. Assuming a PPI model where the affiliate is earning a modest $100.00 USD per 1,000 installs, this would result in revenue of about $500.00 USD for the day.
The "Web Exploits - There's an App for That" report is available from M86 Security Labs at: http://www.m86security.com/documents/pdfs/security_labs/m86_web_exploits_report.pdf.
About M86 Security
M86 Security is the global expert in real-time threat protection and the industry's leading Secure Web Gateway provider. The company's appliance, software, and Software as a Service (SaaS) solutions for Web and email security protect more than 24,000 customers and over 17 million users worldwide. M86 products use patented real-time code analysis and behavior-based malware detection technologies as well as threat intelligence from M86 Security Labs to protect networks against new and advanced threats, secure confidential information, and ensure regulatory compliance. The company is based in Orange, California with international headquarters in London and development centers in California, Israel, and New Zealand. For more information about M86 Security, please visit http://www.m86security.com/.
Follow M86 Security on:
- Twitter at: http://twitter.com/M86Security
- Facebook at: http://www.facebook.com/M86Sec
- M86 Security Labs Blog at: http://www.m86security.com/trace/traceblog.asp