Malicious tools enable attackers to gain access to a variety of valuable resources such as identities, credentials, hacked hosts, and other goods and services. Some malicious tools and services are designed to counter security measures such as antivirus software to increase the lifespan of a malicious code sample in the wild. The result is a cycle whereby malicious tools must be continuously developed and used to produce other goods and services. The profits from these goods and services may then be reinvested into the development of new malicious tools and services.
Tools range from kits that automatically scan and exploit vulnerabilities to botnets. These tools may be used to provide services such as denial-ofservice (DoS) attacks, spamming and phishing campaigns, and finding exploitable websites and servers. They can also be used to generate a number of goods, such as compromised hosts, credentials, personal information, credit card data, and email addresses.
Exploits are another effective malicious tool. Exploits constitute vulnerability information and exploit code. They differ from the other categories of attack tools in that they are not automated by nature. When exploits are incorporated into automated tools, they can then be classified as attack tools. The exploits available in the underground economy are typically tailored to specific market demands. Profitable activities in the underground economy (such as identity theft, credit card fraud, spam, and phishing) require a constant supply of resources (such as compromised personal information, credit card numbers, and hosts).
Many of these goods and services are produced by attackers who exploit vulnerabilities in Web applications and servers. The market for exploit code and vulnerability information is geared toward attackers and malicious code developers who wish to incorporate fresh exploits into attack toolkits and, therefore,represent a distinct category of their own.
No comments:
Post a Comment
Type your comment in here