Got malware? Rent an exploit service



Exploit kits: CritXPack
Date: 2013 / 2013-01-29
Editor/Conference: Damballa
Author: Kevin Stevens
Type: Blogpost


Let’s say you have some killer malware and nearly everything you need to launch an attack and manage a criminal network. But you don’t want to be bothered with building an exploit kit or deciding which one to buy. Fear not, you can rent an exploit service.

Damballa Labs recently investigated a criminal infrastructure being used by a person or group running a Critx exploit kit rental service. This blog covers the kit, how it is being used, and how many people might actually be signing up for this rental service.

Critx might seem like just another exploit kit, but it is being used in a unique way. Instead of being sold, the exploit kit is being rented or leased on its own criminal infrastructure. That infrastructure is already set up with multiple IP addresses and redundancy to prevent takedowns. All a criminal has to do is register a domain and point it to this infrastructure. Illustration 1 is a screenshot advertising the exploit kit and the actual cost to rent it for a given period of time.


   editor = {Damballa},
   author = {Kevin Stevens},
   title = {Got malware? Rent an exploit service},
   date = {29},
   month = Jan,
   year = {2013},
   howpublished = {\url{}},