Got malware? Rent an exploit service

From Botnets.fr
Revision as of 16:29, 7 February 2015 by Eric.freyssinet (talk | contribs) (1 revision imported)

Exploit kits: CritXPack
Date: 2013 / 2013-01-29
Editor/Conference: Damballa
Link: https://blog.damballa.com/archives/1893 (blog.damballa.com; Archive copy)
Author: Kevin Stevens
Type: Blogpost

Abstract

Let’s say you have some killer malware and nearly everything you need to launch an attack and manage a criminal network. But you don’t want to be bothered with building an exploit kit or deciding which one to buy. Fear not, you can rent an exploit service.

Damballa Labs recently investigated a criminal infrastructure being used by a person or group running a Critx exploit kit rental service. This blog covers the kit, how it is being used, and how many people might actually be signing up for this rental service.

Critx might seem like just another exploit kit but it is being used in a unique way. Instead of being sold, the exploit kit is being rented or leased on its own criminal infrastructure. It is all set up with multiple IP addresses and redundancy to prevent takedowns. All a criminal would have to do is simply register a domain and point it to this infrastructure. Illustration 1 is a screen shot advertising the exploit kit and the actual cost to rent it for a given period of time.

Bibtex

 @misc{2013BFR1293,
   editor = {Damballa},
   author = {Kevin Stevens},
   title = {Got malware? Rent an exploit service},
   date = {29},
   month = Jan,
   year = {2013},
   howpublished = {\url{https://blog.damballa.com/archives/1893}},
 }