Browse Definitions:
Definition

exploit kit (crimeware kit)

An exploit kit is a programming tool that allows someone who does not have any experience writing software code to create, customize and distribute malware. Exploit kits are known by a number of other names, including infection kit, crimeware kit, DIY attack kit and malware toolkit.

Exploit kits have graphical application program interfaces (APIs) that allow non-technical users to manage sophisticated attacks capable of stealing corporate and personal data, orchestrating denial of service (DoS) exploits or building botnets. Most kits are built by professional programmers who exploit browser and client-side vulnerabilities that have already been publicly disclosed. The kits, which are commercially available on underground discussion forums, can cost as little as $100 or as much as $10,000.

Ironically, the high profits that can be gained by selling crimeware kits have led developers to model their software distribution model after that of legitimate software vendors. Many crimeware kits have clearly defined refund policies, licensing options, digital rights management (DRM) components and customer service.

Although crimeware kits are usually proprietary, they share several things in common including:

  • A point-and-click build component.
  • Provisions for creating threats in many different languages.
  • A Web-based executive dashboard for managing the data and processing power harvested from infected machines.
  • An interface that facilitates malware distribution through email, online advertisements and social networking websites.

Well-known crimeware kits include Angler, Nuclear, RIG, Sweet Orange, Zeus, MPack, Neosploit, BlackHole, Nukesploit P4ck, Stegano and Phoenix.

This video from XPS Tech provides an overview of exploit kits.

<

See also: phishing kit

This was last updated in January 2017

Continue Reading About exploit kit (crimeware kit)

Start the conversation

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.

-ADS BY GOOGLE

File Extensions and File Formats

Powered by:

SearchCompliance

  • cyborg anthropologist

    A cyborg anthropologist is an individual who studies the interaction between humans and technology, observing how technology can ...

  • RegTech

    RegTech, or regulatory technology, is a term used to describe technology that is used to help streamline the process of ...

  • conduct risk

    Conduct risk is the prospect of financial loss to an organization that is caused by the actions of an organization's ...

SearchSecurity

  • security

    Security, in information technology (IT), is the defense of digital information and IT assets against internal and external, ...

  • insider threat

    An insider threat is a malicious hacker (also called a cracker or a black hat) who is an employee or officer of a business, ...

  • virus (computer virus)

    A computer virus is malicious code that replicates by copying itself to another program, computer boot sector or document.

SearchHealthIT

  • HIPAA Privacy Rule

    The Standards for Privacy of Individually Identifiable Health Information, commonly known as the HIPAA Privacy Rule, establishes ...

  • HIPAA business associate agreement (BAA)

    Under the U.S. Health Insurance Portability and Accountability Act of 1996, a HIPAA business associate agreement (BAA) is a ...

  • telemedicine

    Telemedicine is the remote delivery of healthcare services, such as health assessments or consultations, over the ...

SearchDisasterRecovery

  • data recovery

    Data recovery restores data that has been lost, accidentally deleted, corrupted or made inaccessible. Learn how data recovery ...

  • disaster recovery plan (DRP)

    A company's disaster recovery policy is enhanced with a documented DR plan that formulates strategies, and outlines preparation ...

  • fault-tolerant

    Systems with integrated fault tolerance are designed to withstand multiple hardware failures to ensure continuous availability.

SearchStorage

  • Secure Digital card (SD card)

    SD cards use flash memory to provide nonvolatile storage. They are more rugged than traditional storage media and are used in ...

  • data storage

    In a computer, storage is the place where data is held in an electromagnetic or optical form for access by a computer processor.

  • flash storage

    Flash-based storage, based on flash memory, is used for data repositories, storage systems and consumer devices, such as USB ...

SearchSolidStateStorage

  • flash file system

    Flash file systems are designed specifically for memory devices. A well-designed flash device and flash file system ensure ...

  • IOPS (input/output operations per second)

    IOPS measures the maximum number of reads and writes to non-contiguous storage. It is not an actual benchmark since vendor ...

  • eMMC (embedded MultiMediaCard)

    An embedded MultiMediaCard (eMMC) is a small storage device made up of NAND flash memory and a simple storage controller.

SearchCloudStorage

  • RESTful API

    A RESTful application program interface breaks down a transaction to create a series of small modules, each of which addresses an...

  • cloud storage infrastructure

    Cloud storage infrastructure is the hardware and software framework that supports the computing requirements of a private or ...

  • Zadara VPSA and ZIOS

    Zadara Storage provides block, file or object storage with varying levels of compute and capacity through its ZIOS and VPSA ...

Close