The Business Behind Exploit Kits
We promised to dig deeper into the business of these types of attacks and were ready to deliver on our promise!
Need a recap? Let’s get started!
What Is An Exploit Kit?
An Exploit Kit is a toolkit designed to find vulnerabilities on the client-side (browser) to eventually inject some type of malware in the user’s machine usually via drive-by-download. Exploit Kits tend to infect Windows users (7-10) with Internet Explorer (8-11).
Once the attacker finds the vulnerability they inject some type of malware, like ransomware or even a tech support scam!
Exposing The Money Behind the Business
How does the business work?
Let’s say you are running a tech support scam, you have everything you need, the LPs, the call center, all of it, but you somehow need to drive traffic to it right? So here is where the Exploit kits come in.
We researched the darknet and found a few offers, we also contacted some of them to better understand pricing and how it would work…
Here is an example from a forum with an offer for an Exploit Kit:
You can really see exactly what they offer, a way for you to literally exploit vulnerable, non-savvy users into injecting them with malicious activity and taking complete advantage of them.
- No reselling of the service
- Direct sale of lods from a bunch???
- In case of detection the server is automatically deactivated without a refund. The contact enters a black list and the administration of the forum is notified.
- English speaking users, 1 test day is not available!
Exploit Kit Cost:
- 1 day test (One thread issued on a shared server) $50
- Week – $250
- Month – $900
- Limited sets, only 25 available. Contact via PM. Cooperation may be refused without explanation
- No refunds if there is traffic.
- Service is closed from Dec 31st till Jan 5th
Let’s Crunch Some Numbers
So we know they have 25 limited spots, meaning they could potentially be doing $6,250 per week in revenues only with this specific offer. Sounds like a lucrative business!
To sum up, there is a whole underground industry that profits on users’ vulnerabilities. From the scams that actually charge money directly to the users, to the means by which they are spread to the users, in this case, Exploit Kits.
Need a bit more info on blocking malicious attacks?