Attack toolkits have created a diverse pool of criminals

Launching widespread attacks on computers through the Internet used to be a task reserved for hackers — those with an extensive knowledge of programming. This is no longer the case. The advent of attack toolkits has lowered the bar significantly, opening the doors to anyone with a basic understanding of networking and computers to produce threats that exploit vulnerabilities.

Attack toolkits are bundles of malicious code tools used to facilitate the launch of concerted and widespread attacks on networked computers. Also known as crimeware, these kits are usually composed of prewritten malicious code for exploiting vulnerabilities along with various tools to customise, deploy, and automate widespread attacks, such as command-and-control server administration tools.

These toolkits are used to enable theft of sensitive information or convert compromised computers into a network of botnets in order to mount additional attacks. They are advertised and sold in the online underground economy. Attack kits play a significant role in the continuing evolution of cyber crime into a self-sustaining, profitable, and increasingly organised economic model worth millions of dollars. We have observed toolkits that are advertised for $ 40 to $ 4,000, but we've also seen toolkits that cost $ 8,000.

They're big

Today, attack toolkits have become so prevalent that 61 per cent of Web-based threat activity observed during the reporting period could be directly attributed to attack kits. The magnitude of these attacks and their widespread usage is a concern for everyone from individual consumers to the largest businesses.


One particular toolkit called Zeus, which aims at stealing bank account credentials, accounted for 65 per cent of all advertisements for the sale of kits on underground economy servers observed by Symantec. In September 2010, the FBI revealed that a ring of cybercriminals was arrested for allegedly using Zeus to steal more than $ 70 million from online banking and trading accounts over an 18-month period.

Attack toolkits today are so advanced that creators can update code to evade detection on the websites on which they reside. Toolkits are also available on a subscription-based model and with various add-on features. Just like legitimate software, installation services and support options are available too!

They're evolving

Due to their increased sophistication and ability to distribute updates, toolkits are incorporating new exploits faster than before. With a few clicks, kit developers can send updates to their subscribers to add new exploits.

From the initial attack to the installation of malicious code and theft of information, attack kits take every aspect of cyber crime and make it more prolific than it was.

The widespread availability of attack kits has resulted in a much more diverse pool of cybercriminals. Instead of being a club exclusive to computer programmers, newcomers don't even need to know how to write a line of code — they just need the money.

Criminals specialising in activities such as money-laundering or identity theft now have sophisticated tools to leverage the Internet for their malicious deeds. Many of these new cybercriminals may not even understand how these toolkits work, but they are making the Internet a lot more dangerous for consumers and businesses alike.

(The author is Director, Development, Symantec)