Browse Definitions :
Definition

exploit kit (crimeware kit)

An exploit kit is a programming tool that allows someone who does not have any experience writing software code to create, customize and distribute malware. Exploit kits are known by a number of other names, including infection kit, crimeware kit, DIY attack kit and malware toolkit.

Exploit kits have graphical application program interfaces (APIs) that allow non-technical users to manage sophisticated attacks capable of stealing corporate and personal data, orchestrating denial of service (DoS) exploits or building botnets. Most kits are built by professional programmers who exploit browser and client-side vulnerabilities that have already been publicly disclosed. The kits, which are commercially available on underground discussion forums, can cost as little as $100 or as much as $10,000.

Ironically, the high profits that can be gained by selling crimeware kits have led developers to model their software distribution model after that of legitimate software vendors. Many crimeware kits have clearly defined refund policies, licensing options, digital rights management (DRM) components and customer service.

Although crimeware kits are usually proprietary, they share several things in common including:

  • A point-and-click build component.
  • Provisions for creating threats in many different languages.
  • A Web-based executive Dashboard for managing the data and processing power harvested from infected machines.
  • An interface that facilitates malware distribution through email, online advertisements and social networking websites.

Well-known crimeware kits include Angler, Nuclear, RIG, Sweet Orange, Zeus, MPack, Neosploit, BlackHole, Nukesploit P4ck, Stegano and Phoenix.

This video from XPS Tech provides an overview of exploit kits.

<

See also: phishing kit

This was last updated in January 2017

Continue Reading About exploit kit (crimeware kit)

SearchCompliance
  • pure risk

    Pure risk refers to risks that are beyond human control and result in a loss or no loss with no possibility of financial gain.

  • risk reporting

    Risk reporting is a method of identifying risks tied to or potentially impacting an organization's business processes.

  • chief risk officer (CRO)

    The chief risk officer (CRO) is the corporate executive tasked with assessing and mitigating significant competitive, regulatory ...

SearchSecurity
  • encryption key

    In cryptography, an encryption key is a variable value that is applied using an algorithm to a string or block of unencrypted ...

  • payload (computing)

    In computing, a payload is the carrying capacity of a packet or other transmission data unit.

  • script kiddie

    Script kiddie is a derogative term that computer hackers coined to refer to immature, but often just as dangerous, exploiters of ...

SearchHealthIT
SearchDisasterRecovery
  • What is risk mitigation?

    Risk mitigation is a strategy to prepare for and lessen the effects of threats faced by a business.

  • fault-tolerant

    Fault-tolerant technology is a capability of a computer system, electronic system or network to deliver uninterrupted service, ...

  • synchronous replication

    Synchronous replication is the process of copying data over a storage area network, local area network or wide area network so ...

SearchStorage
Close