HOME

TheInfoList



Click Here for Items Related To - Exploit Kit
OR:
Exploit Kit on:   [Wikipedia]   [Google]   [Amazon]

An exploit kit is a tool used for automatically managing and deploying exploits against a target computer. Exploit kits allow attackers to deliver malware without having advanced knowledge of the exploits being used. Browser exploits are typically used, although they may also include exploits targeting common software, such as
Adobe Reader Adobe Acrobat is a family of application software and Web services developed by Adobe Inc. to view, create, manipulate, print and manage Portable Document Format (PDF) files. The family comprises Acrobat Reader (formerly Reader), Acrobat (former ...
, or the operating system itself. Most kits are written in PHP. Exploit kits are often sold on the
black market A black market, underground economy, or shadow economy is a clandestine market or series of transactions that has some aspect of illegality or is characterized by noncompliance with an institutional set of rules. If the rule defines the s ...
, both as standalone kits, and as a
service Service may refer to: Activities * Administrative service, a required part of the workload of university faculty * Civil service, the body of employees of a government * Community service, volunteer service for the benefit of a community or a p ...
.


History

Some of the first exploit kits were WebAttacker and MPack, both created in 2006. They were sold on black markets, enabling attackers to use exploits without advanced knowledge of computer security. The Blackhole exploit kit was released in 2010, and could either be purchased outright, or rented for a fee. Malwarebytes stated that Blackhole was the primary method of delivering malware in 2012 and much of 2013. After the arrest of the authors in late 2013, use of the kit sharply declined. Neutrino was first detected in 2012, and was used in a number of ransomware campaigns. It exploited vulnerabilities in
Adobe Reader Adobe Acrobat is a family of application software and Web services developed by Adobe Inc. to view, create, manipulate, print and manage Portable Document Format (PDF) files. The family comprises Acrobat Reader (formerly Reader), Acrobat (former ...
, the Java Runtime Environment, and
Adobe Flash Adobe Flash (formerly Macromedia Flash and FutureSplash) is a multimedia Computing platform, software platform used for production of Flash animation, animations, rich web applications, application software, desktop applications, mobile apps, mo ...
. Following a joint-operation between Cisco Talos and
GoDaddy GoDaddy Inc. is an American publicly traded Internet domain registrar and web hosting company headquartered in Tempe, Arizona, and incorporated in Delaware. , GoDaddy has more than 21 million customers and over 6,600 employees worldwide. The c ...
to disrupt a Neutrino malvertising campaign, the authors stopped selling the kit, deciding to only provide support and updates to previous clients. Despite this, development of the kit continued, and new exploits were added. As of April 2017, Neutrino activity ceased. On June 15, 2017, F-Secure tweeted "R.I.P. Neutrino exploit kit. We'll miss you (not)." with a graph showing the complete decline of Neutrino detections. From 2017 onwards, the usage of exploit kits has dwindled. There are a number of factors which may have caused this, including arrests of cybercriminals, improvements in security making exploitation harder, and cybercriminals turning to other method of malware delivery, such as Microsoft Office macros and social engineering.


Overview


Exploitation process

The general process of exploitation by an exploit kit is as follows: # The victim navigates to a website infected by an exploit kit. Links to infected pages can be spread via
spam Spam may refer to: * Spam (food), a canned pork meat product * Spamming, unsolicited or undesired electronic messages ** Email spam, unsolicited, undesired, or illegal email messages ** Messaging spam, spam targeting users of instant messaging ( ...
, malvertising, or by compromising legitimate sites. # The victim is redirected to the landing page of the exploit kit. # The exploit kit determines which vulnerabilities are present, and which exploit to deploy against the target. # The exploit is deployed. If successful, a payload of the attacker's choosing (i.e. malware) can then be deployed on the target.


Features

Exploit kits employ a variety of evasion techniques to avoid detection. Some of these techniques include obfuscating the code, and using
fingerprinting A fingerprint is an impression left by the friction ridges of a human finger. The recovery of partial fingerprints from a crime scene is an important method of forensic science. Moisture and grease on a finger result in fingerprints on surfac ...
to ensure malicious content is only delivered to likely targets. Modern exploit kits include features such as web interfaces and statistics, tracking the number of visitors and victims.


See also


References

{{reflist Malware toolkits Spyware Computer security exploits