Ever wonder where cyber-criminals get the tools to go after your computer? Not every crook out there is a computer genius who can craft malware or seek out code flaws like HeartBleed. Thieves that break into cars and houses don’t forge their own tools from molten metal. They go to the store just like you or I would for tools. Now, cyber-criminals don’t stroll on down to the hardware store – they take advantage of a massive online marketplace that sells the perfect tools for attacking your computer.
Just like you can log onto our site and order a stylus pen or flash drive, these guys can log onto black market sites and fill up their shopping cart with attack toolkits. Attack toolkits are groups of malicious code. This code allows crooks to steal the information from companies and from you and to take over your computer. They can then use your computer to attack other computers.
Most of this code is written originally to attack business or government computers originally. Big time criminals probably won’t take the time to go after individual home users. But then these guys sell this code to smaller players who have plenty of time to go after the individual.
According to security experts Symantec, “Attack kits are significantly advancing the evolution of cybercrime into a self-sustaining, profitable, and increasingly organized economic model worth millions of dollars.”
More than 60% of web-threats can be traced back to these attack toolkits. And since you don’t really need many computer skills to launch them, it enables more and more criminals to get into the cyber-crime business.
Favorite targets for these toolkits were Microsoft’s Active Template Library Header vulnerability, Adobe Flash Player’s Remote Bugger Overflow and various Apple and Microsoft issues. Tablets and phones are also a new favorite target. The Dendroid kit, clearly advertises what it can get from your phone in the image below.
There’s even a specific search engine just for searching the black market for things like malicious software toolkits as well as drugs and other contraband. Running a search for toolkits, I was able to find offers for a hacking kit and for kit that promises to allow you to set up a fake PayPal account where you can transfer your ill-gotten gains.
Why don’t authorities bust these people? They try, but they have to find them first and many of them are based on servers located in countries that don’t active seek out or prosecute cyber-criminals.
That’s why it’s very important to make sure you run all security updates available for Windows, Flash, Java and other programs and make sure to keep your security and malware software completely up-to-date. There are an ever-growing number of folks who are dedicating their time to finding a way into your computer.
~ Cynthia
Great tip. Thank you for the information.
How kind of you to give the EXACT names of pgms needed so hackers (who didn’t know about these sites nor thought of how easy this is before) can now train themselves to attack more computers!&^%$#@
Did not it occur to you to warn us honest users without the instructions as to HOW TO DO IT? (THUMBS DOWN)
Joyce:
These sites and marketplaces are by no means any kind of secret. I did not give the exact name of the sites or marketplaces where you can search for them, but anyone who is interested can find them quickly with any an Internet search of almost any engine. Hackers already know where these things are. The names of these malicious toolkits have been publicized in security alerts from security companies warning of their effects. The purpose of pointing out the existence of the marketplace for home users is to make people understand just how easy it is for those with bad intent to attack your computer.
Joyce, my take away was “…it’s very important to make sure you run all security updates available for Windows, Flash, Java and other programs and make sure to keep your security and malware software completely up-to-date”. Also it helps to stay informed and stay away from these websites as you probably don’t want them to know where you live.
Thank You Cynthia, for a detailed Account on Malware Creators. I’ve heard about the availability of such tools online but didn’t care about searching those websites to have a look!