Exploit Kit
   HOME

TheInfoList



Click Here for Items Related To - Exploit Kit
OR:
Exploit Kit on:   [Wikipedia]   [Google]   [Amazon]

An exploit kit is a tool used for automatically managing and deploying exploits against a target computer. Exploit kits allow attackers to deliver malware without having advanced knowledge of the exploits being used.
Browser exploit A browser exploit is a form of malicious code that takes advantage of a flaw or vulnerability in an operating system or piece of software with the intent to breach browser security to alter a user's browser settings without their knowledge. Malici ...
s are typically used, although they may also include exploits targeting common software, such as
Adobe Reader Adobe Acrobat is a family of application software and Web services developed by Adobe Inc. to view, create, manipulate, print and manage Portable Document Format (PDF) files. The family comprises Acrobat Reader (formerly Reader), Acrobat (former ...
, or the
operating system An operating system (OS) is system software that manages computer hardware, software resources, and provides common services for computer programs. Time-sharing operating systems schedule tasks for efficient use of the system and may also i ...
itself. Most kits are written in
PHP PHP is a general-purpose scripting language geared toward web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995. The PHP reference implementation is now produced by The PHP Group. ...
. Exploit kits are often sold on the black market, both as standalone kits, and as a service.


History

Some of the first exploit kits were
WebAttacker Webattacker is a do-it-yourself malware creation kit that includes scripting language, scripts that simplify the task of infecting computers and E-mail spam, spam-sending techniques to lure victims to specially rigged Websites. It was allegedly crea ...
and MPack, both created in 2006. They were sold on black markets, enabling attackers to use exploits without advanced knowledge of
computer security Computer security, cybersecurity (cyber security), or information technology security (IT security) is the protection of computer systems and networks from attack by malicious actors that may result in unauthorized information disclosure, t ...
. The
Blackhole exploit kit The Blackhole exploit kit was, as of 2012, the most prevalent web threat, where 29% of all web threats detected by Sophos and 91% by AVG are due to this exploit kit. Its purpose is to deliver a malicious payload to a victim's computer. Acco ...
was released in 2010, and could either be purchased outright, or rented for a fee. Malwarebytes stated that Blackhole was the primary method of delivering malware in 2012 and much of 2013. After the arrest of the authors in late 2013, use of the kit sharply declined. Neutrino was first detected in 2012, and was used in a number of ransomware campaigns. It exploited vulnerabilities in
Adobe Reader Adobe Acrobat is a family of application software and Web services developed by Adobe Inc. to view, create, manipulate, print and manage Portable Document Format (PDF) files. The family comprises Acrobat Reader (formerly Reader), Acrobat (former ...
, the
Java Runtime Environment Java is a set of computer software and specifications developed by James Gosling at Sun Microsystems, which was later acquired by the Oracle Corporation, that provides a system for developing application software and deploying it in a cros ...
, and
Adobe Flash Adobe Flash (formerly Macromedia Flash and FutureSplash) is a multimedia software platform used for production of animations, rich web applications, desktop applications, mobile apps, mobile games, and embedded web browser video players. Fla ...
. Following a joint-operation between
Cisco Talos Cisco Talos Intelligence Group is a cybersecurity technology and information security company based in Fulton, MD that’s a part of Cisco Systems Inc. Talos’ threat intelligence powers Cisco Secure products and services, including malware dete ...
and
GoDaddy GoDaddy Inc. is an American publicly traded Internet domain registrar and web hosting company headquartered in Tempe, Arizona, and incorporated in Delaware. , GoDaddy has more than 21 million customers and over 6,600 employees worldwide. The ...
to disrupt a Neutrino malvertising campaign, the authors stopped selling the kit, deciding to only provide support and updates to previous clients. Despite this, development of the kit continued, and new exploits were added. As of April 2017, Neutrino activity ceased. On June 15, 2017,
F-Secure F-Secure Corporation is a global cyber security and privacy company, which has its headquarters in Helsinki, Finland. The company has offices in Denmark, Finland, France, Germany, India, Italy, Japan, Malaysia, Netherlands, Norway, Poland, Sweden, ...
tweeted "R.I.P. Neutrino exploit kit. We'll miss you (not)." with a graph showing the complete decline of Neutrino detections. From 2017 onwards, the usage of exploit kits has dwindled. There are a number of factors which may have caused this, including arrests of cybercriminals, improvements in security making exploitation harder, and cybercriminals turning to other method of malware delivery, such as
Microsoft Office Microsoft Office, or simply Office, is the former name of a family of client software, server software, and services developed by Microsoft. It was first announced by Bill Gates on August 1, 1988, at COMDEX in Las Vegas. Initially a marketi ...
macros and social engineering.


Overview


Exploitation process

The general process of exploitation by an exploit kit is as follows: # The victim navigates to a website infected by an exploit kit. Links to infected pages can be spread via spam, malvertising, or by compromising legitimate sites. # The victim is redirected to the landing page of the exploit kit. # The exploit kit determines which vulnerabilities are present, and which exploit to deploy against the target. # The exploit is deployed. If successful, a payload of the attacker's choosing (i.e. malware) can then be deployed on the target.


Features

Exploit kits employ a variety of evasion techniques to avoid detection. Some of these techniques include obfuscating the code, and using
fingerprinting A fingerprint is an impression left by the friction ridges of a human finger. The recovery of partial fingerprints from a crime scene is an important method of forensic science. Moisture and grease on a finger result in fingerprints on surfac ...
to ensure malicious content is only delivered to likely targets. Modern exploit kits include features such as web interfaces and statistics, tracking the number of visitors and victims.


See also


References

{{reflist Malware toolkits Spyware Computer security exploits