In a market dominated by the mega-popular Blackhole exploit kit (newly upgraded to version 2.0) and the somewhat less sought-after Eleonore and Phoenix exploit packs, can the developer of a fourth one hope to compete?
The Nuclear exploit pack has been present for a while now, and its author has recently released version 2.0. He (or she?) advertises it on its own page, likely linked to from a number of underground forum entries (click on the screenshot to enlarge it):
As evidenced from the page, the exploit pack is currently being used in several more or less successful malicious campaigns, which end up delivering onto the compromised computers information-stealing Trojans and ransomware.
But what differentiates this offer from others is that the cybercriminal is determined not to be blamed for the criminal actions performed by his customers, and he tries to achieve this by introducing Terms of Service that everyone must agree to before using the kit.
According to Dancho Danchev, the Nuclear exploit pack’s TOS forbid actions that violate the law of the Russian Federation, acquisition of traffic using spam emails, iFrame-based traffic acquisition practices, testing the software on public services such (VirusTotal and others), offering Cybercrime-as-a-Service business services using the kit, and developing an affiliate program using the exploit kit.
The kit also lacks operational security features which would make the campaigns harder to detect and analyze, so it definitely can’t compete with the Blackhole exploit kit.