Exploit kits are automated malicious software packages that target client-side application vulnerabilities in web browsers, browser add-ons, Adobe Flash Player, Adobe Reader, the Java Runtime Environment and similar software.
Exploit kits are easy to use and do not require in-depth technical knowledge, so inexperienced attackers can use them as well. Cybercriminals sell exploits as a service: a kit can be rented for a day, a week, a month or a year according to need, and the prices are easily affordable.
Exploit kits have several capabilities: they can deliver botnet command-and-control (C&C) clients, fake anti-virus, malware installers, Trojans and spyware. A few exploit kits provide a polished, user-friendly web interface with a powerful control panel where attackers can configure the kit according to their attack plan.
Exploit kits are very sophisticated and can bypass the detection mechanisms of security products by changing their evasion and obfuscation techniques.
How exploit kits work in general:
First, attackers exploit server-side vulnerabilities and add a hidden malicious iframe to a legitimate website. Then they convince users to visit the compromised website. Once a victim visits the site, the page redirects to the exploit kit hosted on a bulletproof site. Bulletproof hosting is a service provided by domain/web hosting providers that allows their customers to upload anything, including malicious content. The exploit kit collects various information such as the browser version and installed add-ons, the Adobe Flash, Adobe Reader and JRE versions, and so on. Based on the collected information, it selects and delivers exploit code that takes advantage of the vulnerable software. If the exploit succeeds, it can download and install malware, Trojans, spyware and so on.
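As an added example (not code from the original post), here is a small Python checker that a site owner or incident responder could run over a page's HTML to spot the kind of injected hidden iframe described above: an iframe that is sized to a pixel or less, or hidden by CSS, pointing at a host other than the site itself. The sample HTML, the hostnames in it and the size threshold are constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample page: a legitimate video embed plus an injected,
# invisible iframe pointing at a third-party host (hostnames are made up).
SAMPLE_HTML = """<html><body>
<h1>Company news</h1>
<iframe width="560" height="315" src="https://www.example.com/video/embed"></iframe>
<p>Quarterly update.</p>
<iframe src="http://exploit-kit.invalid/gate.php" width="1" height="1"
        style="display:none; position:absolute; left:-9999px"></iframe>
</body></html>"""

# CSS fragments commonly used to keep an element out of sight.
HIDDEN_STYLE = re.compile(
    r"display\s*:\s*none|visibility\s*:\s*hidden|(?:left|top)\s*:\s*-\d+", re.I)


class IframeCollector(HTMLParser):
    """Collects the attributes of every <iframe> start tag in the document."""

    def __init__(self):
        super().__init__()
        self.iframes = []

    def handle_starttag(self, tag, attrs):
        if tag.lower() == "iframe":
            # HTMLParser lowercases attribute names; values may be None.
            self.iframes.append({k: (v or "") for k, v in attrs})


def _dimension(value):
    """Parse the leading integer of a width/height attribute ('1', '1px')."""
    match = re.match(r"\s*(\d+)", value)
    return int(match.group(1)) if match else None


def suspicious_iframes(html, page_host):
    """Return iframes that are hidden (tiny or CSS-hidden), with their reasons.

    Each finding is a dict: src, external (True if the src host differs from
    page_host) and reasons (list of indicator names). A visible external
    embed on its own is not reported, to avoid flagging ordinary video embeds.
    """
    collector = IframeCollector()
    collector.feed(html)
    findings = []
    for attrs in collector.iframes:
        reasons = []
        width = _dimension(attrs.get("width", ""))
        height = _dimension(attrs.get("height", ""))
        if (width is not None and width <= 1) or (height is not None and height <= 1):
            reasons.append("zero-size")
        if HIDDEN_STYLE.search(attrs.get("style", "")):
            reasons.append("hidden-by-css")
        if not reasons:
            continue
        src = attrs.get("src", "")
        host = urlparse(src).hostname
        findings.append({
            "src": src,
            "external": bool(host) and host != page_host,
            "reasons": reasons,
        })
    return findings


if __name__ == "__main__":
    for finding in suspicious_iframes(SAMPLE_HTML, "www.example.com"):
        print(finding)
```

The check is deliberately conservative: it reports only iframes that are hidden, and records whether the target host is external as extra context for triage. A page that suddenly gains a hidden iframe to a host the site never referenced before is a strong signal that the server has been compromised and should be taken offline and cleaned.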
Cybercriminals blacklist IP addresses to keep researchers and security vendors from analyzing the exploits/attacks. When a victim visits the malicious website, the victim's IP address is checked against the back-end database server. If it already exists in the DB, the exploit kit responds differently; if the IP address does not exist in the DB, the exploit kit allows access. A few exploit kits receive the blacklisted IP addresses as an update.
Some popular exploit kits are:
- Cool Pack
- Crime Pack
- Neo Sploit
Exploit kits mainly take advantage of vulnerable software to get into the system. The best way to stay safe is to install applications/add-ons only from authors you trust and to keep your browsers and other applications up to date to avoid attacks. Never open emails from unknown sources and avoid suspicious websites.
Download Saner and keep your systems updated and secure.
- Veerendra GG