Exploit Toolkits Currently Openly Promoted, Boosting Sales: Brian Krebs
Brian Krebs, security investigator associated with the newswire 'Krebs on Security' says that till the present time, attack toolkits that help cyber-crooks to develop and deploy malicious software, hardly got advertised, but, such isn't the case anymore, reported itsecuritypro.co.uk dated July 8, 2013.
According to the researcher, cyber-crooks therefore, wishing for buying exploit kits, required being well connected else to state the minimum know the names of illegal forums that sold the kits.
Nowadays, Krebs adds, people who make attack toolkits are blatantly canvassing as well as selling their products by promoting them in the form of stress-test programs for browser vulnerabilities.
He explains that an exploit kit called The Styx -name derived from the mythological river of Greek fables whose two coasts are the underworld and mortals- is an example of such a toolkit that's getting publicly canvassed through the website Styx-crypt[dot]com.
Individuals, peddling the particular malware-as-a-service, have established one virtual helpdesk too accessible full 24-hrs for buyers paying for the service, the researcher notes, according to the itsecuritypro.co.uk news-report.
He further notes that Styx buyers may anticipate the niceties described by paying the $3K as cost for the kit. Krebsonsecurity.com published this dated July 8, 2013.
Moreover, as different from other toolkits, there's no thorough exploit breakdown in Styx. When Krebs examined the exploit panel of Styx, he found that it used plain 2-digit numbers to refer to the exploit packages it contained. The Styx, when employed, abused merely 4 browser vulnerabilities, each except one attacking the latest Java flaws. Usage of numbers such as 11, 12, 13 and 32 was just how the toolkit cited the 4 vulnerabilities.
Meanwhile, Krebs informs that the usual online site, where Styx was getting sold, was apparently closed following a report he published telling of the site.
Incidentally, according to him, he managed in relating payment details he obtained from the site with 3 Ukraine-situated persons namely Alexander Nazarenko, Maxim Gavryuk and Stanislav Shangin. All three allegedly know perfectly how to develop wares on the Web. Although the three are apparent buyers of Styx, yet Krebs is confident that they're behind the toolkit's development.
» SPAMfighter News - 15-07-2013