25 years after the first computer virus was ever created, the malware distribution business is booming and vying for legitimacy. Especially prominent is the rise of attack toolkits, also known as crimeware. A recent report (PDF) revealed that attack toolkits are becoming more accessible and easier to use, which is leading to a dramatic increase in their use. In terms of its overall effect on the malware landscape, the prominence of attack toolkits will probably translate to a rise in cyber attacks and an expansion of the malware-distributing community.
How might a specific type of malware attack have such a considerable impact on the influence of malware at large? Essentially, attack toolkits provide the common individual with the tools to launch his own widespread cyber attacks on computer networks, regardless of his level of expertise. Even unsophisticated hackers and cybercriminals can take advantage of pre-written threats in the kits rather than having to build a virus or some other piece of malware from scratch.
The ZeuS toolkit (also known as Zbot, Wsnpoem, Gorhax, and Kneber), for example, is probably the most popular toolkit and is reportedly responsible for infecting millions of computers. Having been licensed by numerous criminal organizations, ZeuS has primarily been used to steal users’ personal financial information like online banking credentials. In October of 2010, authorities caught an international crime ring that had used ZeuS to steal upwards of $70 million.
The prospect of profitability has led not only to more widespread use of attack toolkits, but also to a more sophisticated distribution system. Today, attack toolkits are selling on the web for anywhere between $40 and $4,000, and makers of the kits sometimes even protect against piracy with installation codes, a practice that’s common in the legitimate software industry. Moreover, some higher-end attack kit vendors offer online support and subscription services so that users can get updated versions of malware. In short, the underground attack toolkit business is beginning to look a lot like the legal software industry.
Still, organizations and end-users can do a few things to help mitigate the risk of sustaining malware attacks. For starters, it’s vital that antivirus software be trusted and always updated with the latest patches. Similarly, if your antivirus software ever questions the authenticity of a site, always err on the side of being overly cautious. Organizations should try to limit unnecessary browser software and plug-ins internally. Additionally, they should consider enlisting the help of website reputation and IP blacklisting solutions in order to block access to potentially harmful sites.