New Generation of Exploit Kits On The Rise
“The marketplace for hacker exploit kits is getting more crowded according to research by Kaspersky Labs, which found that new tools with names like SEOsploit and Crimepack are challenging the dominance of legacy tools like the Phoenix, Eleonore, Neosploit, YESExploit, and Liberty kits.
A Securelist report released last week finds signs of disruption in the underground market for exploit kits, pre-built tools that are used to carry out automated drive-by attacks to spread malicious programs. The shifts may suggest that attackers are migrating to tools that allow them to exploit vulnerabilities in Internet Explorer, Java and Adobe PDF files.”
Exploit kits can be purchased on the black market for anywhere between a couple hundred and thousands of dollars. They can also be rented, and this highly competitive market represents a lucrative and growing business for malware authors. The Kaspersky Lab researchers analyzed the kits and found that vulnerabilities in Internet Explorer, PDFs, and Java represent an overwhelming 66% of the attack vectors used by these kits. Interestingly, many of the vulnerabilities being exploited have had patches available for some time.
In fact, the vulnerability reuse ratio among exploit kits is 41%, meaning that the same vulnerabilities are being exploited by different kits.
When researchers isolated the emerging kits, SEOsploit and Crimepack, they found that the percentage targeting Internet Explorer, PDFs, and Java grows to 75%. The thing that seems to differentiate the newer, emerging kits from the older ones like Eleonore and Phoenix is that SEOsploit and Crimepack are actually seeking out and exploiting new vulnerabilities.
In fact, the Kaspersky Lab researchers were able to follow the trail of vulnerabilities exploited by the kits, tracing out an evolutionary tree that shows how they have evolved from the oldest kits like Icepack and Firepack to the newer ones like SEOsploit and Crimepack. Each new generation of kits builds on the same exploits as its predecessors, but adds new exploits as they present themselves.
The success of various kits also adheres to a kind of evolutionary logic. In the end, the researchers determined that their success all stems from a high infection rate. If an exploit writer can show that his/her kit is more effective than others, then that kit will earn higher sales volumes. So, new authors look to tried and proven methods when writing their kits, which is likely the reason for so much similarity among kits.



