Not long ago, there were only a handful of serious so-called “exploit packs,” crimeware packages that make it easy for hackers to booby-trap Web sites with code that installs malicious software.
These days, however, it seems like we’re hearing about a new custom exploit kit every week. Part of the reason for this may be that more enterprising hackers are seeing the moneymaking potential of these offerings, which range from a few hundred dollars per kit to upwards of $10,000 per installation — depending on the features and plugins requested.
Take, for example, the iPack crimeware kit, an exploit pack that starts at around $500.
Its name and cute logo aside, iPack has nothing to do with Apple’s products. According to Jorge Mieres over at the Malware Intelligence blog, the software vulnerabilities targeted by exploits contained in this package are all for Windows platforms, including:
MDAC (CVE-2006-0003) – (MS06-014)
PDF collab.getIcon (CVE-2009-0927)
PDF Util.Printf (CVE-2008-2992)
PDF collab.collectEmailInfo (CVE-2008-0655)
PDF Doc.media.newPlayer (CVE-2009-4324)
Crimepack Kit Used in Java Attacks
A Peek Inside the Eleonore Browser Exploit Kit