Security Bytes

Nov 6 2009   2:00PM GMT

Fragus exploit pack’s pricy business model locks users in

Robert Westervelt Robert Westervelt Profile: Robert Westervelt

The $800 attack toolkit comes with a self-destruct mechanism after a certain time period

Security researchers at Symantec are closely monitoring the Fragus exploit pack, an $800 package of tools developed by cybercriminals to enable users to set up attack websites. Their latest findings have identified an effort by the toolset writers to clamp down on how the toolpack is used – an effort, no doubt, to keep the revenue stream open long after someone plunks down the hefty chunk of change needed to buy Fragus.

The blog entry, written by Peter Coogan with help from researcher Cathal Mullaney includes several screenshots of the exploit kit the researchers found in use on a specific domain. The toolkit they found was in use in September and October and targeted users in Spain and Germany.

Symantec said the toolkit is one of the most popular, but we’ll have to see how the author’s clampdown affect its popularity. The authors restrict files to run on specific IP addresses and servers meaning that if an owner of the kit wants to make a change they have to go back and get a software update to do so. The toolkit also contains a self-destruct mechanism, expiring files after a certain time period.

Despite the limitations, the toolkit’s popularity must mean that it is a big – real big – money maker for cybercriminals. A person willing to give up $800 is willing to accept a lot of risk and much like the stock market, the more risk you take on, the bigger the rewards.

1  Comment on this Post

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when other members comment.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
  • DarkestOfSides
    How can you purchase this software?? I would like to start my career of Offensive Penetration Testing. And I am gonna use this for good purposes only. If any questions on how I am gonna use this software, call me at 616 994 3748. Again, I am only gonna use this for GOOD PURPOSES only.!! And I need to know how I can find/ purchase this piece of advanced software. Thanks :)
    10 pointsBadges:
    report

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to: