Toolkits Add Impact To The Cyber-Underground

A Symantec report highlights just how much the spread of attack toolkits has lowered the barrier to entry for cyber-criminals.

The kits have become fixtures on the digital shelves of the Internet’s black market, and are now used in the majority of Web attacks. According to the report, the most prevalent toolkits detected on malicious Websites between July 1, 2009, and June 30, 2010, were MPack (48 percent), NeoSploit (31 percent) and Zeus (19 percent).

Maliciously Developing Since The 90s

“It helps to draw a parallel between attack toolkits and HTML editing programs,” Marc Fossi, executive editor of the report and manager of research and development for Symantec Security Response, told eWEEK. “In the beginning, to design an HTML webpage you had to hand code the HTML in a basic text editor.

“Then WYSIWYG editors came along that allowed you to drag and drop elements but you still needed to know some HTML to tweak the code. Now, however, there are very powerful HTML editing suites that require very little knowledge of HTML to create complex multimedia websites,” he added.

“In a similar way, attack toolkits relieve the user from requiring the deep technical knowledge to write an attack; meaning a novice attacker can mount a sophisticated attack campaign using an attack kit without needing to know how to uncover vulnerabilities or how to exploit them,” he said. “Attack kits reduce or remove this necessity by including prewritten exploits and malicious code along with the means for distributing these attacks, all via a friendly user interface.”

The earliest kits go back to the 1990s, according to Symantec. These kits were rudimentary, lacking features such as Web interfaces that would appear in later kits. One of the most advanced of these early kits was VMPCK, which first appeared in 1998. VMPCK was followed soon after by CPCK, which was notable for having a polymorphic engine to evade detection, something considered advanced at the time, according to the report.

Later kits continued to gain in complexity. In 2006, WebAttacker appeared with exploit code for seven previously-known vulnerabilities.

“As with later attack toolkits, these vulnerabilities were client-side in nature and targeted users of Internet Explorer and Mozilla Firefox on Microsoft Windows operating systems,” according to the report. “WebAttacker included many features that became standard in later attack toolkits, such as detecting a victim’s browser and operating system, and tracking the success rate of attacks.”

WebAttacker was first seen being advertised in underground forums for $15 (£10), a low price point the report speculates was due to it being the first of its kind. MPack, which was released in 2006 as well, was initially seen selling for $1,000 (£625), though the price was eventually lowered significantly.

Today, toolkits can range in price between a few hundred and several thousand dollars. Though the kits are often updated with new exploits, old exploits are still prevalent.

“Many of the kits keep stats on how many times an attack was launched at a target and how often the targets were successfully exploited,” Fossi explained. “The new exploits can be installed along with the existing exploits in the kit to provide a wider range of attacks launched. In fact, many kits tend to launch attacks targeting older vulnerabilities before the newer ones. This way if a target is compromised using an older exploit they don’t even attempt to exploit one of the newer ones. This helps to keep the newer exploits fresh and below the radar.”

Brian Prince eWEEK USA 2014. Ziff Davis Enterprise Inc. All Rights Reserved

Share
Published by
Brian Prince eWEEK USA 2014. Ziff Davis Enterprise Inc. All Rights Reserved

Recent Posts

Hate Speech Watchdog CCDH To Quit Musk’s X

Target for Elon Musk's lawsuit, hate speech watchdog CCDH, announces its decision to quit X…

5 hours ago

Meta Fined €798m Over Alleged Facebook Marketplace Violations

Antitrust penalty. European Commission fines Meta a hefty €798m ($843m) for tying Facebook Marketplace to…

7 hours ago

Elon Musk Rebuked By Italian President Over Migration Tweets

Elon Musk continues to provoke the ire of various leaders around the world with his…

8 hours ago

VW, Rivian Launch Joint Venture, As Investment Rises To $5.8 Billion

Volkswagen and Rivian officially launch their joint venture, as German car giant ups investment to…

9 hours ago

AMD Axes 4 Percent Of Staff, Amid AI Chip Focus

Merry Christmas staff. AMD hands marching orders to 1,000 employees in the led up to…

12 hours ago

Tesla Recalls 2,431 Cybertrucks Over Propulsion Issue

Recall number six in 2024 for Tesla Cybertruck, and this time the fault cannot be…

13 hours ago