Sunday, December 21, 2014
Text Size

Cybercrime: The Franchise

Friday, 14 May 2010 15:10 in Blogs, Current Events by Jart Armin


Do-it-yourself cyber-crime kits have emerged for the average PC user, with built-in anti-virus protection and complete online security avoidance features.

Once upon a time, professional hackers needed the skills of willing script kiddies to exploit your PC or enterprise. Then along came the exploit kit, such as the “MPack,” courtesy of the RBN (Russian Business Network), and a new business enterprise was born.

Today, a new generation of exploits is available in off-the-peg kits requiring no more operational skill than that of a competent user.

One of the latest headline victims of an exploit kit was the US Treasury Website. Panda Security detailed how it happened -- and how a new generation of kits or packs can identify security vulnerabilities, select the preferred method of intrusion, and carry out the exploit, whether that be by PDF, an embedded iframe, or any other chosen method of exploitation.

Easily found on legitimate-looking Websites, exploit kits are marketed as are any other products. In a recent report, security firm M86 followed the process of buying a kit. The firm found at least a dozen new models released in the past six months.

To aid the buyer, there are even helpful forums. Prices for kits start from as low as $100, with top-of-the-range models costing over $1,000. The hacker-turned-software-writer can earn extra revenue by supplying obfuscator replacements that will stop antivirus applications from detecting malicious code, or by providing additional hosting domains in the event of a blacklisting by security vendors.

Some kits are available for rent, with the seller keeping control of rental periods in order to get greater revenue.

In addition to easy-to-follow instructions for installation in a Web-based interface, buyers can benefit from continuing customer service support, including bug fixes and version changes. To maximize Website traffic, specialists can be hired -- all adding to the services of what is a well-run, franchised, underground economy.

Personal gain is the object of the cyber-criminal, and an exploit kit can soon help the user to bring in a regular income. With malware installed, keyloggers, spam, and pay-per-install (PPI) programs take advantage of the victim’s machine. Even a moderate estimate based on earning $100 per 1,000 installs (a very realistic figure, according to M86) would bring around $500 to $2,000 per day.

Now let us look at one of the latest exploit kits, “CrimePack,” in a little detail, using their own sales materials translated from Russian, thanks to Steve and Holger of and

Handpicked exploits for higher effectiveness… globals for Flash10, AdobeAcrobat 9.2, latest JRE (Java) vulnerabilities

Exploit successful test runs: Internet Explorer 39%, FireFox 14%

Rated countries on attempt success: US 14%, UK 7%, IN 38%, DE16%...


— Undetected from AV Scanners (JavaScript / PDF / JAR / JPG files)

— Random PDF obfuscation (Not using static pdf file like other packs)

— Blacklist auto checker

— Prevent Wepawet, Jsunpack, and other JavaScript unpackers to decode your page

Auto checks against domain & malware blacklists; e.g., Norton SafeWeb, Google SafeBrowsing, McAfee SiteAdvisor, Robtex, and others

“All this for $400 and only $80 for domain cleaning”

Running our own lab tests using CrimePack, the ease of use was alarming, and we had to marvel at its operational simplicity and automated functions.

We have to recognize that, particularly for enterprises, we have a very real new fight on our hands. The combination of automated vulnerability analysis and turning the community’s own security intelligence against us should be particularly worrying.

It is pretty safe to forecast a new level of criminal activity to follow, as more cyber-criminal wannabes gain access to these new tools. For the PC user, enterprise professional, or Webmaster, it’s vital to take every possible precaution and apply the latest updates as early as possible.

Latest Blogs

  • 1
  • 2
  • 3


Sign up to the HostExploit newsletter to receive the latest news on HostExploit reports and other developments.