Why exploit kits are expensive and why that's NOT okay!

Adorapuff · 02-05-2014, 05:52 AM

Not a tutorial | a wall of text
Okay, so anyone familiar with botnets most likely knows what an exploit kit is. For those of you who don't know, its a web system that you setup on a server and you pwn a bunch of sites, iframe the server, and when people go to the pwn'd sites, the exploit kit does its *magic* and a percentage of those people get infected with your malice. How do these work? Basically, the exploit kit will contain a bunch of local exploits, for example a game with a buffer overflow vulnerability. It will attempt to check if you have these programs installed, and then attempt to exploit them. Now, with modern security, the user will still need to confirm to open the app, but that can be masked. Making these kits isn't the easiest thing, but anyone who really wants to can scrape exploit-db, and implement this in an exploit kit. The only thing that makes these expensive are 0days used and that's understandable, but keep in mind, you can have decent results with public exploits.
I'm sure that this is not 100% correct, and w00t will probably comment on the things wrong in fact I hope he does.

BreShiE · 02-05-2014, 10:22 AM

A lot of misused terminology and terrible grammar. Make it easier to read. Not a bad wall of text though.

w00t · 02-05-2014, 04:09 PM

Just like when you write an essay, start a new paragrapgh when the topic or tactic changes, it's much more readable.

Most people when they say exploit kit mean a website exploit kit. When users on a vulnerable browser "read" the exploit, the virus gets downloaded.

It is, however, interesting that you bring up games. For some reason, money-motivated blackhats ignore games as an attack vector, when they are a lucrative target.

Take BF4, for example. If I find an exploit that lets me own any player's PC if i'm in-game with them, within a single day I could concievably have infected thousands of higher end computer that will have good bandwidth.

Dismas · 02-05-2014, 04:41 PM

(02-05-2014, 04:09 PM)w00t Wrote: Just like when you write an essay, start a new paragrapgh when the topic or tactic changes, it's much more readable.

Most people when they say exploit kit mean a website exploit kit. When users on a vulnerable browser "read" the exploit, the virus gets downloaded.

It is, however, interesting that you bring up games. For some reason, money-motivated blackhats ignore games as an attack vector, when they are a lucrative target.

Take BF4, for example. If I find an exploit that lets me own any player's PC if i'm in-game with them, within a single day I could concievably have infected thousands of higher end computer that will have good bandwidth.

Funny you mention that. They'd be better targets for miners. Tongue

Adorapuff · 02-05-2014, 04:46 PM

(02-05-2014, 04:41 PM)Oni Wrote: Funny you mention that. They'd be better targets for miners.

While that's true, most big botnet owners don't care for shit like that. Those are very specialized botnets that mine. For the most part, fraud is the only thing they are looking to accomplish.

w00t · 02-05-2014, 07:24 PM

But because gamers usually( always? ) have good bandwidth, they're good for any network.

Crypt · 02-08-2014, 06:23 PM

Because, exploit kits are crucial requirements and have wuurked for many sinisterly hardcore hecker operations.