Cyber Crime Toolkits Go On Sale

This is not exactly new news either, these kind of toolkits have been on sale for a long time, virus generators, trojan toolkits, now they are getting more polished, more stream-lined, more expensive and more easily available.

News of them is hitting the mainstream media..

Malicious hackers are producing easy to use tools that automate attacks to cash in on a boom in hi-tech crime.

On sale, say security experts, are everything from individual viruses to comprehensive kits that let budding cyber thieves craft their own attacks.

The top hacking tools are being offered for prices ranging up to £500.

Some of the most expensive tools are sold with 12 months of technical support that ensures they stay armed with the latest vulnerabilities.

Hacking tools with support packages! Now that’s something new.

According to Mr Henry there were more than 68,000 downloadable hacking tools in circulation. The majority were free to use and took some skill to operate but a growing number were offered for sale to those without the technical knowledge to run their own attacks, he said.

But, he added, many hacking groups were offering tools such as Mpack, Shark 2, Nuclear, WebAttacker, and IcePack that made it much easier for unskilled people to get in to the hi-tech crime game.

Mr Henry said the tools were proving useful because so many vulnerabilities were being discovered and were taking so long to be patched.

Mentions of Mpack always pops up, but now there’s a plethora of competitors.

The landscape is getting interesting, time for companies to invest more in their I.T. budgets I think. Especially when it comes to education and awareness.

Source: BBC

Posted in: Legal Issues, Malware

, ,

Latest Posts:

LambdaGuard - AWS Lambda Serverless Security Scanner LambdaGuard – AWS Lambda Serverless Security Scanner
LambdaGuard is a tool which allows you to visualise and audit the security of your serverless assets, an open-source AWS Lambda Serverless Security Scanner.
exe2powershell - Convert EXE to BAT Files exe2powershell – Convert EXE to BAT Files
exe2powershell is used to convert EXE to BAT files, the previously well known tool for this was exe2bat, this is a version for modern Windows.
HiddenWall - Create Hidden Kernel Modules HiddenWall – Create Hidden Kernel Modules
HiddenWall is a Linux kernel module generator used to create hidden kernel modules to protect your server from attackers.
Anteater - CI/CD Security Gate Check Framework Anteater – CI/CD Security Gate Check Framework
Anteater is a CI/CD Security Gate Check Framework to prevent the unwanted merging of filenames, binaries, deprecated functions, staging variables and more.
Stardox - Github Stargazers Information Gathering Tool Stardox – Github Stargazers Information Gathering Tool
Stardox is a Python-based GitHub stargazers information gathering tool, it scrapes Github for information and displays them in a list tree view.
ZigDiggity - ZigBee Hacking Toolkit ZigDiggity – ZigBee Hacking Toolkit
ZigDiggity a ZigBee Hacking Toolkit is a Python-based IoT (Internet of Things) penetration testing framework targeting the ZigBee smart home protocol.

14 Responses to Cyber Crime Toolkits Go On Sale

  1. melvin,foong October 18, 2007 at 3:14 pm #

    we used to write our own rootkits.. now they come with support ? OMG !

  2. Sandeep Nain October 19, 2007 at 4:24 am #

    well this is funny… on one side there is germany who has completely banned the posession of security testing softwares and tutorials… and on the other hand there are these hacking kits with support packages which you can buy easily…

    This “sale of hacking packages with support” thing is serious coz it will give rise to the number of script kiddies and needless to say most of them will be using these tools for illegal activities

  3. backbone October 19, 2007 at 3:49 pm #

    Buying virus creation kits are the most lame thing in the world, cause there is…. for rootkits -> learn & download …. for any other a pen-test live distro… IMO

  4. n006_$@160t October 20, 2007 at 11:07 am #

    Well this is some tight shit, getting support….. now thats just something different

  5. dre October 25, 2007 at 11:48 pm #

    well in some cases you have governments and military who need to purchase these tools as weapons for offensive computing efforts. these are people who almost certainly need rootkits to protect themselves but also need their hands held when deploying them.

    fortunately for those in the know – anti-rootkit technology has stepped up again. i saw gabe lawrence speak at the toorcon 9 seminars in san diego this past weekend. his talk mostly centered around linux rootkit technology, but he also covered Windows and virtualization rootkits. his current project, 99lb, looks very promising.

  6. Sandeep Nain October 26, 2007 at 4:32 am #

    I believe these government and military agencies have enough funds andd resources that they can build these kits by themselves rather than buying from hackers… as i’m sure govt won’t trust these sources.. and they should not…

    and definitely anti-rootkit stuff will be a revolution.

  7. dre October 28, 2007 at 1:58 am #

    Well look at Sony. They are as large as many governments and military outfits – yet they failed to “roll their own” rootkit. In some cases, Sony would have been better off buying Haxdoor or equivalents at the time. So I think this does hold true for those who need offensive computing but can’t afford the expertise at varying levels. Of course, they could hire experts to modify these tools.

    Who else do they turn to? ImmunitySec, CORE, and modifying Metasploit? My guess is that many intelligence agencies are also getting their hands on these cybercrime toolkits to be used in cyberwarfare. I wouldn’t say it’s a stretch to call such a tactic Science Fiction.

  8. Sandeep Nain October 28, 2007 at 4:20 am #

    Yes you are right DRE that sony is probably as large as any govt or military outfit but the security requiremenets differ… A loophole in sony’s it security may be a threat to the company itself but thats it. Can you imagine somebody getting a root access to US Army’s main servers?? its a NATIONAL THREAT.. so they can’t afford to trust a 3rd party software like rootkits to be installed on their systems. its just LAME. they probbaly think of getting anti-root kit stuff.

  9. dre October 28, 2007 at 4:27 am #

    @Sandeep: nononono… Sony didn’t get owned by a rootkit… they tried to build one… you missed the whole point of my argument

  10. Sandeep Nain October 28, 2007 at 4:51 am #

    @Dre, I understood your point and what i want to communicate here is:

    Sony can afford to not to have their own rootkit or not having good enough security professionals but Army and govt agencies MUST have THE BEST security professionals and programmers who can make rootkits and what not rather than buying off a 3rd party rootkit and anti-root kit.

    I hope this is much clear now…

  11. Sandeep Nain October 28, 2007 at 4:56 am #

    and I reckon, govt agencies must be looking at these cybercrime toolkits but not because they wanna use it and get support as well…

    but they will actually be looking at how to prevent govt. systems from the attacks which can be generated using these toolkits.

  12. fazed October 30, 2007 at 5:40 pm #

    I am at the moment creating
    a web application attack toolkit,
    as I said in a comment on the next
    post the police stole my computer so
    I have lost it at the moment but have
    some of it stored on this laptop.
    anyways this toolkit has a web frontend
    that made it very easy to use..
    hope to get the computer back soon.. :S

  13. dre October 31, 2007 at 6:04 am #

    @Sandeep Army and govt agencies MUST have THE BEST security professionals and programmers who can make rootkits and what not rather than buying off a 3rd party rootkit and anti-root kit

    How many armies and government agencies are there in the world? There is no way that they can hire the best, as much as they would like to or need to. Even the top 15 most powerful governments can’t afford much at all in terms of security professional talent – although they may still have advanced spy, assassin, or propaganda / mass-manipulation organizations and devices.

    Nuclear Grabber and other kits, which cost anywhere from US$25 to US$3k – have been used to steal money from many European banks on several occasions. How many elite government spies are capable of doing that for a similar cost and risk equations? How many elite government security professionals are capable of doing that for the same cost and risk equation?

  14. Sir Henry December 14, 2007 at 7:21 pm #


    I am intrigued to know more about your predicament with the police. Do tell…