DIY Malware Kits Expand Hacker Pool

The number of do-it-yourself malware kits circulating around the Internet is growing at an exponential rate, creating new opportunities for novice hackers with little or no coding skill and headaches for businesses and consumers forced to deal with an influx of new data-stealing scams.

A new report issued this week from security software vendor Symantec (NASDAQ: SYMC) found that 61 percent of all web-based threats were generated by these attack tool kits.

These kits, including the Facebook kit that first surfaced in August and continues to plague the social networking site, can be purchased anonymously online and empower the buyer with the ability to launch numerous, pre-written attacks against specific companies, individuals or social networking platforms.

Worse, according to Symantec’s research team, they’ve become more sophisticated in the past year, giving malware purveyors the ability to easily customize new threats to avoid detection and automate their attacks.

Unlike past malware campaigns, which generally required a considerable amount of code-writing expertise, these click-and-launch kits take all the thinking out of the process and allow people who otherwise would never have gone into the identity-stealing business to become neophyte cybercrooks.

“In the past, hackers had to create their own threats from scratch,” Stephen Trilling, senior vice president of Symantec’s security technology and response group, said in the report. “Today’s attack toolkits make it relatively easy for even a malicious novice to launch a cyberattack.”

“As a result, we expect to see even more criminal activity in this area and a higher likelihood that the average user will be victimized,” he added.

Law enforcement is keenly aware of this DIY fad and has ramped up its efforts to shut down some of the most egregious offenders.

In September, the FBI, New York Police Department and U.S. Secret Service teamed up to take down an Eastern European-based cybercrime syndicate responsible for distributing a Zeus botnet kit that managed to steal more than $70 million from U.S. customers’ online banking and securities trading accounts over an 18-month period.

The FBI executed a similar bust in July that netted a Slovenian man known as “Iserdo” who was allegedly responsible for selling variations of a Butterfly botnet kit for between $650 and $2,000 apiece. Those particular kits were especially good at spreading the extraordinarily destructive Mariposa botnet.

Despite these high-profile arrests, companies, consumers and law enforcement are still playing a never-ending game of catch-up and the crooks are often miles ahead. The speed at which these new kits are sold — and new kits are created — makes it impossible to quantify exactly how many people become new paint-by-number hackers each month.

Meanwhile, demand for attack toolkits has never been higher, largely because the hackers who originally wrote these programs are moving up the criminal food chain, realizing that there’s more money, and less effort, in distribution than in creating new malware themselves.

Symantec researchers said WebAttacker, one of the first DIY malware kits available in 2006, cost $15. Just four years later, the Zeus 2.0 kit is now selling for $8,000.

The attacks come in a variety of forms. Some are old-fashioned spam email campaigns, while others have evolved into complex black hat search engine optimization (SEO) scams or the injection of malicious code into legitimate websites and banner advertisements.

Some of the popular kits on the market include MPack, Neosploit, Nukesploit P4ck and Phoenix.

Symantec’s report found more than 310,000 unique, malicious domains that, on average, created more than 4.4 million malicious web pages each month.

Larry Barrett is a senior editor at, the news service of, the network for technology professionals.


Larry Barrett is an eSecurity Planet contributor.
