The hacker's toolkit returns

What does $8000 buy you nowadays? Enough iPads to equip the entire family, with matching MacBook Airs thrown in for good measure? A couple of 3D TVs?

If you're a cybercriminal, it'll buy you a pretty sweet hacker's toolkit. But don't worry if you're too dumb to understand complicated computer stuff. Contemporary hacker's toolkits are user-friendly. You can even purchase a support contract. If the security holes the toolkit exploits get patched, there's no problem--it can auto-update with new attack definitions.

All this is revealed in a new report by Symantec, which profiles the increasing sophistication of hacker's toolkits over recent years, and the criminal underworld that's grown around them.

Toolkits aren't anything new, and have been around since the days of DOS. Back then they gave rise to "script kiddies," young people (usually male) who lacked the expertise to hack but were able to download software and create worms or Trojans with little more than a few clicks.

Possibly the most famous script kiddie was Jan de Wit, who used the Visual Basic Script Worm Generator (VBSWG) to create the infamous Anna Kournikova worm that wreaked havoc back in 2001.

However, the big difference today is that the criminal world has learned from the mainstream software scene. Organized crime has an organized software scene.

As Symantec points out, it's no longer lone hackers who are sharpening their claws by creating viruses, or even small groups of criminals who hire hacker expertise to create malware. Easy-to-use software that's widely available allows just about anybody to get in on the scene. Essentially, such software has allowed cybercrime to go mainstream, which is why it's become an increasingly large problem over the last five years.

Contemporary hacker's toolkits are also smarter than those of old, which were typically one-trick ponies that were useless once their attack vector was patched. Software like ZeuS 2.0, highlighted by Symantec's report, is essentially a malware engine: It will use many different attack vectors to try and compromise PCs. Contemporary toolkits are often sold on a subscription model, with updates included, and there are even black-hat equivalents of consultants who'll assess your criminal needs and spec out the required hardware and software.

The main entry point used by hacker's toolkits is the Web browser and its various plugins, such as Adobe Flash. The goal is to install keyloggers to steal things like online banking passwords, or to turn the computer into a zombie that can further infect other computers. The intention is to infect the victim's computer without their knowledge.

Symantec suggests hackers are forced to infect computers this way because older methods of attacking computers via the services they run are no longer possible. For example, the Blaster worm in 2003 prompted Microsoft to begin taking security seriously and was arguably why the second service pack for Windows XP, released a year later in 2004, boosted the Windows firewall and featured data execution prevention.

All the signs show that toolkits are pretty effective. Last September it was claimed that those arrested worldwide as part of Operation Trident Breach used the ZeuS toolkit to steal an estimated $70 million over several years. Suddenly that $4,000 asking price doesn't seem so excessive. Up to 10 high-level gangs are currently using ZeuS to rake in the same kind of money, according to Don Jackson, who tracks ZeuS as part of his job at SecureWorks.

What can we do to protect ourselves? Nothing more than the usual trick of keeping everything up to date, system software and virus definitions in particular. Not using Internet Explorer is a good idea, although Firefox and even Google Chrome are targets too. Switching to Linux is a pretty effective block, but isn't entirely easy.

Try installing a browser extension such as FlashBlock, which will block any Flash code on a Website unless you specifically opt to let it run (some Flash heavy sites like YouTube can be whitelisted). This way, if you inadvertently find yourself redirected to a site containing malware contained in Flash code, you won't be infected instantly and automatically.

Keir Thomas has been writing about computing since the last century, and more recently has written several best-selling books. You can learn more about him at and his Twitter feed is @keirthomas.
