It is believed that the astounding growth of malware that we have seen the last two years is driven by toolkits sold in the undergrown economy. About two-thirds of malicious web activity can be traced back to botnets and exploit code built using popular attack toolkits sold in the underground economy, according to a new Symantec report.
According to the Symantec report, which covers June 2009 through July 2010, the notorious software was used in botnet form to steal financial data and execute fraudulent transactions. A botnet is a collection of software agents, or robots, that run autonomously and automatically.
Nowadays, the term is more commonly associated with malicious software. MPack (48%), NeoSploit (31%) and ZeuS (19%) are the top three most popular attack toolkits in terms of malicious web activity.
Symantec notes cyber criminals willing to pay the price in the fight to get rid of rivals-from as low as $ 40 for some attack toolkits to as much as $ 8,000 and more for ZeuS-along with any specialized services for malware. These toolkits make it fairly easy for anyone to get into crimes. Those crimes include everything from running botnets for spam, financial crime and denial-of-service attacks to just the process of compromising PCs with malicious trojans through Web drive-by downloads, typically from legal websites that have been compromised.
Most repeatedly exploited by these attack toolkits were Microsoft Active Template Library Header Data Remote Code Execution Vulnerability, Adobe Flash Player Multimedia File Remote Bugger Overflow Vulnerability, and Microsoft Windows Media Player Plug-in Buffer Overflow Vulnerability with many other Microsoft and Apple protocols also popular.
Types of sites that are most likely to be loaded up with malware are popular adult entertainment and video sreaming websites, along with their misspelled-typo equivalents. Cyber criminals know what people are searching for.
In general, Symantec's research indicates that attack toolkit developers do not specifically scramble to get new vulnerabilities into their attack code, nor do they aim to incorporate zero-day attacks, despite what they say to the contrary. Thus, IT security vendors, has to explore into the world of attack toolkits since so many security countermeasures, have to be designed based on what the crime world's software developers do. Haley says to his knowledge it's not illegal to develop attack toolkits, just to use them in some form to commit an actual crime.
With attacks toolkits becoming increasingly available, software upgrades that enhance business productivity are also leaving organizations open to new attacks. Organizations need to emphasize the need for highly skilled IT professionals who can provide protection against the proliferating variants of malware generated by the attack toolkits in the hands of cybercriminals. It does not help if the IT professional working for the organization being attacked is not highly knowledgeable in the latest hacking techniques. To be hacker you must think like one.
IT Professionals can learn how to do all these and more in EC-Council's Certified Ethical Hacker information security training. Specifically, the Certified Ethical Hacker program is required for the US Department of Defense's (DoD) computer network defenders (CND's), a specialized personnel classification within the DoD's information assurance workforce. This qualification tests the certification holder's knowledge in the mindset, tools and techniques of a hacker. IT professionals may also attend the world recognized hacker conference, Hacker Halted.