The sale of crimeware kits that take the technical work out of setting up and distributing dangerous malware is skyrocketing, according to a report issued by security vendor Symantec Corp.
Symantec's Internet Security Threat Report confirms the finding of an earlier report from security vendor Finjan, which documented the increasing use of crimeware kits being sold on the black market.
Cupertino, Calif.-based antivirus giant Symantec released its threat report Monday. It covers the threat landscape over the six-month period between Jan. 1 and June 30, 2007.
Symantec said the crimeware kit, MPack was one of the notable security threats that emerged in the first half of 2007. The commercially available black-market attack toolkit can launch exploits for browser and client-side vulnerabilities against users who visit a malicious or compromised Web site, Symantec said.
The list of commercially available kits on the black market is growing. Many of the kits lock the buyer into a support contract as they can be updated according to the latest vulnerabilities discovered. Some standard names are available, including MPack, NeoSploit, IcePack, WebAttacker, WebAttacker2 and MultiExploit toolkits, as well as new toolkits such as random.js, vipcrypt, makemelaugh and dycrypt.
Zulfikar Ramzan, a senior principal researcher at Symantec, said the kits are being sold for as much as $1,000 on the black market.
Symantec believes that MPack was professionally written and developed. The reliability and robustness of MPack implies that it benefited from professional development, Ramzan said.
"It's clear that activity is now being pointed toward more commercial type behavior," Ramzan said. "They're organized entities and even selling support contracts. A lot of these single kits have multiple different threats and multiple vulnerabilities that can exploit a smorgasbord of malicious activity."
There were over 200,000 new malicious code threats in the first half of 2007, according to the Symantec report. Of the top 50 malicious code samples that Symantec saw, two of them targeted online games.
"Attackers are realizing that through different types of malicious code, they can steal virtual currency and then in turn it can be sold in virtual markets for real currency," Ramzan said.
Enterprises are not immune, Symantec said. As much as 4% of malicious activity came from addresses from inside Fortune 100 companies, as some employee computers get turned into bots to churn out spam and malicious code.
"It's further indication that enterprises need to be careful, because many people are not using good computer practices," Ramzan said.
Phishing kits are also on the rise, Symantec said. The toolkits, which contain sample Web pages and email messages, can be purchased on the black market as well. Symantec blocked over 2.3 billion phishing messages, an increase of 53% over the last half of 2006. Three phishing toolkits were responsible for 42% of all phishing attacks observed by Symantec in the first half of 2007.
"The phishing arena is growing and we're seeing pricing vary for these ready made kits depending on what they can do," Ramzan said.