Attack Toolkits and Malicious Websites

1

Attack Toolkits & Malicious Websites

Attack Toolkits and Malicious Websites

Global Intelligence NetworkIdentifies more threats, takes action faster & prevents impact

Information ProtectionPreemptive Security Alerts Threat Triggered Actions

Global Scope and ScaleWorldwide Coverage 24x7 Event Logging

Rapid Detection

Attack Activity• 240,000 sensors

• 200+ countries

Malware Intelligence• 133M client, server,

gateways monitored

• Global coverage

Vulnerabilities• 35,000+ vulnerabilities

• 11,000 vendors

• 80,000 technologies

Spam/Phishing• 5M decoy accounts

• 8B+ email messages/day

• 1B+ web requests/day

Austin, TXMountain View, CA

Culver City, CA

San Francisco, CA

Taipei, Taiwan

Tokyo, Japan

Dublin, IrelandCalgary, Alberta

Chengdu, China

Chennai, India

Pune, India

2Attack Toolkits and Malicious Websites

Attack Toolkits and Malicious Websites 3

Attack Toolkits and Malicious Websites – Report Details

Accessibility

• Attack kits allow unskilled attackers to enter the market with sophisticated tools

• Attack kits feature easy to use icon-driven GUIs that include checkboxes and pull down menus


Accessibility

• Centralized administrative interfaces provide easy access to various toolkit functions

• The increasing sophistication and “user-friendly” features is further evidence of the increasing organization and profitability of the underground economy


Ease of Use

• Statistics and information on compromised hosts can be gathered for further use

• Tasks can now easily be done with a few clicks of the mouse


Ease of Use

• Complex exploits are simplified for the toolkit user.


Increased Utilization

• Toolkits account for nearly two-thirds of all threat activity on malicious websites

• As kits become more robust and easier to use, this number will likely climb


Faster Proliferation of Attacks

• New exploits are quickly incorporated into kits

• Allows newer attacks to proliferate rapidly so they are seen by more users soon after release


Faster Proliferation of Attacks

• A single attack kit installed on a popular website can exploit a large number of users in a short period of time


!

Profitability

• Toolkits are relatively easy to find for purchase through simple Web searches

• Advertisements can be found on the underground economy and Web forums


Profitability

• Both creators and users of kits profit from them

• Creators profit by selling the kits while users profit through information theft


Key Facts and Figures


Malicious Web Pages

• During this reporting period, Symantec observed more than 310,000 unique domains that were found to be malicious

• On average, this resulted in the detection of more than 4.4 million malicious Web pages per month


Attack Frequency

• Frequency of attacks rises when new exploits are released, then declines over time

• As new kits become well known, sites hosting them are shut down faster and more often


Malicious Websites by Search Term

• Categories of search terms that led to malicious websites

• Blackhat search engine optimization is often used to lead users to malicious sites through searches


About the Report

The Symantec Report on Attack Toolkits and Malicious Websites, developed by the company’s Security Technology and Response (STAR) organization, is an in-depth analysis of attack toolkits. The report includes an overview of these kits as well as attack methods, kit types, notable attacks and attack kit evolution. It also includes a discussion of attack kit features, traffic generation and attack kit activity.
