Webroot’s Dancho Danchev is known for combing through the wilds of the Internet for places where cyber criminals congregate and reporting back with interesting news about tools and services offered for sale.
Among those is a brand new exploit kit that, for now, concentrates only on exploiting Java flaws. The vulnerabilities in questions are CVE-2012-1723 and CVE-2013-0431, but more exploits are to be added soon, say its creators.
Cyber crooks can rent the kit for 24 hours, a week or a month, paying respectively $40, $150 and $450 for the service. But, is it worth it?
The infection rate for a campaign using this kit is 9.5 percent, which is considerably lower than that promised by sellers of more popular – and versatile – exploit kits.
In terms of innovation, there’s not much to note.
“For the time being, customers can choose whether they want to manually rotate the client-side exploits serving domains/IPs, or whether they’d want the cybercriminals selling the kit to do it for them as a managed service. Customers of the exploit kit will also receive notifications one their domains start getting detected by security vendors, through the Domain Check service,” says Danchev.
“Naturally, the cybercriminals behind the exploit kit are outsourcing the entire process instead of building the capability in-house. Also, for the time being, the exploit kit can only be rented on bullet proof servers operated by the cybercriminals pitching it, but if customers want to use it on their own servers, they would have to personally request this from the vendor.”
He doubts that the kit’s developers will have much success, especially because Java vulnerabilities have lately been big news and users – both home and enterprise ones – have been repeatedly advised to disable Java for the time being.