The author of the worldâ€™s most popular exploit kit – the BlackHole – decided to expand his business and demand huge sums of money for a high-end crime pack dubbed Cool Exploit Kit. Unlike others, this pack is pitched as exclusive clientele and will contain fresh, unmitigated exploits.
Exploit packs are collections of browser and browser plug-in exploits hosted on compromised or malicious websites. When victims land on these websites, the visitorâ€™s browser and plugins are probed for known vulnerabilities and then malicious code targeting these vulnerabilities is executed in order to plant malware without userâ€™s interaction.
According to KrebsOnSecurity, an associate of Paunch (the leader of the online crime gang that created BlackHole) made a bold announcement on an underground cybercrime forum, saying that he and his team will venture into a new project that involves unique browser plugin exploits and vulnerabilities.
â€œWe are setting aside a $100K budget to purchase browser and browser plug-in vulnerabilities, which are going to be used exclusively by us, without being released to public (not counting the situations, when a vulnerability is made public not because of us)â€ the forum posting reads. â€œNot only do we purchase weaponized (ready) exploits, but also their descriptions and proof of concepts (with subsequent joint work with our specialists).â€
A French researcher calling himself Kafeine found the worrisome connection between exploit packs and some ransomware-type attacks, and linked the BlackHole exploit pack to the new Cool Exploit Kit.
With exclusive new exploits, fresh vulnerabilities and improvements of existing vulnerabilities that are not released to public, this project means business. Despite its costs, it appears at least two buyers have already subscribed to this new weaponized exploit pack to use it in ransomware-type attacks.
We may hear a whole lot about this exploit kit in the months to come.