An exploit kit is a programming tool that allows someone who does not have any experience writing software code to create, customize and distribute malware. Exploit kits are known by a number of other names, including infection kit, crimeware kit, DIY attack kit and malware toolkit.
Exploit kits have graphical application program interfaces (APIs) that allow non-technical users to manage sophisticated attacks capable of stealing corporate and personal data, orchestrating denial of service (DoS) exploits or building botnets. Most kits are built by professional programmers who exploit browser and client-side vulnerabilities that have already been publicly disclosed. The kits, which are commercially available on underground discussion forums, can cost as little as $100 or as much as $10,000.
Ironically, the high profits that can be gained by selling crimeware kits have led developers to model their software distribution model after that of legitimate software vendors. Many crimeware kits have clearly defined refund policies, licensing options, digital rights management (DRM) components and customer service.
Although crimeware kits are usually proprietary, they share several things in common including:
- A point-and-click build component.
- Provisions for creating threats in many different languages.
- A Web-based executive Dashboard for managing the data and processing power harvested from infected machines.
- An interface that facilitates malware distribution through email, online advertisements and social networking websites.
This video from XPS Tech provides an overview of exploit kits.
See also: phishing kit