If the relatively cheap, easily available, and totally reliable Blackhole exploit kit is the Toyota Camry of exploit kits, then the Cool exploit kit is the Lexus LS: both kits are reportedly developed by the same crew, but the latter is astronomically more expensive and presumably loaded with better features.
A Russian cybercriminal operating under the pseudonym ‘Puanch’ is responsible for both kits, according to security reporter Brian Krebs. This may seem a shaky business model, like opening two gas stations across the street from one another, but it’s not. Affordably priced at $50 a day, $500 a month, or $1,5000 a year, Blackhole is cheap and within reach of most attackers. The Cool exploit kit on the other hand is anything but cheap.
Krebs spoke to ‘Paunch’ via instant message and Paunch confirmed that he did indeed develop the Cool kit, and went on to claim that he charges an incredible $10,000 monthly fee for criminals seeking to use it.
So what do you get for ten grand a month? Well, ‘Paunch’ and his buddies reportedly spent a cool $100,000 buying exclusive, non-public browser and software zero-day exploits as well as the accompanying proofs-of-concept that they intend on keeping very much private. This is the primary difference between it and the Blackhole kit, which is something of an open book.
Blackhole uses well-known exploits, and often for already patched bugs. Despite this, Blackhole is very likely the most widely used exploit kit ever. However, Blue Coat Security researchers believe the tides may be shifting. They published a blog today detailing that the Cool kit acquired 204 new servers in December while the Blackhol kit only picked up 24 new servers. Of course, Blue Coat notes that the total number of Blackhole servers vastly outnumbers that of the Cool kit, but the point is that Cool’s popularity is accelerating at a faster pace than Blackhole’s.