The $800 attack toolkit comes with a self-destruct mechanism after a certain time period
Security researchers at Symantec are closely monitoring the Fragus exploit pack, an $800 package of tools developed by cybercriminals to enable users to set up attack websites. Their latest findings have identified an effort by the toolset writers to clamp down on how the toolpack is used – an effort, no doubt, to keep the revenue stream open long after someone plunks down the hefty chunk of change needed to buy Fragus.
The blog entry, written by Peter Coogan with help from researcher Cathal Mullaney includes several screenshots of the exploit kit the researchers found in use on a specific domain. The toolkit they found was in use in September and October and targeted users in Spain and Germany.
Symantec said the toolkit is one of the most popular, but we’ll have to see how the author’s clampdown affect its popularity. The authors restrict files to run on specific IP addresses and servers meaning that if an owner of the kit wants to make a change they have to go back and get a software update to do so. The toolkit also contains a self-destruct mechanism, expiring files after a certain time period.
Despite the limitations, the toolkit’s popularity must mean that it is a big – real big – money maker for cybercriminals. A person willing to give up $800 is willing to accept a lot of risk and much like the stock market, the more risk you take on, the bigger the rewards.