Malware toolkits introducing new faces to cybercrime: Symantec report

Image: Salvatore Vuono /

The rapid proliferation of malware toolkits is playing a major role in the acceleration of attack creation and also in who is launching the attacks, according to new research from Symantec.

The company will issue its Symantec Report on Attacks Kits and Malicious Websites Tuesday, noting the considerable impact that toolkits have had on the creation, distribution and profitability of malware.

“They’ve been around for some time, but we’re at a point where they’re incredibly accessible and very easy to use as well,” said Marc Fossi, manager of Security Response for Symantec Canada.

The report tracks the rise of the malware toolkit from its humble debut in 1992 to the big business of ZeuS and its ilk today.

The availability of these toolkits has had a significant change in who’s making these attacks, Fossi said. In the early days, he said it as “the computer guy who drifted into cybercrime” responsible for malware. But with increasing sophistication of malware kits and easier access to such tools, that demographic is changing.

“What we’re seeing now is that criminals are not getting into cybercrime, and that’s a significant change because the computer guy getting into it didn’t know about things like money laundering,” he said. “These new players do, and they’re applying that knowledge to cybercrime.

Kits like ZeuS still require some level of “networking and computer basics,” Fossi said, but they have “really lowered the bar of entry” when it comes to getting involved in malware. In many cases, Fossi said, finding a malware toolkit can be as simple as “entering the name of a kit into your favourite search engine” to find a place to buy it.

And it’s becoming a much more buyer-friendly marketplace, too. As the toolkits marketplace has become more profitable, so has it become more competitive. As a result, it’s a marketplace where only those who offer the best features at the best prices thrive. Toolkits now offer subscriptions for service and support, e-mail support, bugfixes and the regular introduction of new features (IE: exploits) to differentiate from their peers.

Or they fight dirty, and simply eliminate one another when installed. This isn’t software that’s terribly hung up on ethics, after all.

For channel partners, the explosion of toolkits present another opportunity to explain the benefits of a multi-faceted security strategy, starting with patching. After all, the majority of the exploits targeted by toolkits aren’t zero-day scenarios, they’re well known and publicized holes that usually have patches readily available.

Beyond that, Fossi recommended partners educate customers about various other layers of security beyond patching and basic antivirus, including reputation-based security and identity protection. Call it a case of strength in numbers.

“It really shows that security isn’t a single product anymore. There’s no silver bullet to it, it’s a multi-layered, multi-tiered process,” he said. “You want to make sure you’ve got each of those layers in case any link in the chain fails so you’ve got backups there.”