A crimeware kit, also called an infection, exploit or DIY attack kit, is a programming tool that allows someone who does not have any experience writing software code to create, customize and distribute malware.
Crimeware kits have graphical application program interfaces (APIs) that allow non-technical users to manage sophisticated attacks capable of stealing corporate and personal data, orchestrating denial of service (DoS) exploits or building botnets.
Most kits are built by professional programmers who exploit vulnerabilities that have already been publicly disclosed. The kits, which are commercially available on underground discussion forums, can cost as little as $100 or as much as $10,000. According to the FBI, payment is arranged through money transfers services such as Western Union.
Ironically, the high profits that can be gained by selling crimeware kits have led developers to model their software distribution model after that of legitimate software vendors. Many crimeware kits have clearly defined refund policies, licensing options, digital rights management (DRM) components and customer service.
Although crimeware kits are usually proprietary, they share several things in common including:
- A point-and-click build component.
- Provisions for creating threats in many different languages.
- A Web-based executive dashboard for managing the data and processing power harvested from infected machines.
- An interface that facilitates malware distribution through email, online advertisements and social networking websites.
Well-known crimeware kits include Zeus, MPack, Neosploit, BlackHole, Nukesploit P4ck and Phoenix. In May 2011, the Danish IT-security company CSIS Security Group announced the discovery of Weylan-Yutani, the first commercial crimeware kit that allows customers to create malware for both Mac and PC computers.
See also: phishing kit