Mar 9, 2011 16:35 GMT

Researchers from security vendor M86 Security have identified a new exploit toolkit being distributed on the underground market for free and being worked on as a community effort.

Called k0desploit, the new toolkit is actually based on the notorious Eleonore exploit pack, which is commonly used in drive-by download attacks.

The k0desploit admin panel login page displays the text "K0de.org Open Source Exploits," which sent M86 researchers searching for more information about it.

This led them to a few forum posts made by the original author explaining that the toolkit is an improved version of the Eleonore mod posted by Blackdevil.

He mentions that preliminary tests done on 1,000 computers revealed an infection rate of 9.6%, significantly more than the original 3.5% the Eleonore mod had.

The developer also notes that most of the successful attacks were for the MDAC and IE vulnerabilities, not Java as previous research suggested.

He also claims he got the exploits to partially work via Firefox and Chrome, which they didn't before, and he appeals to the community to help with the exploit development.

"In addition to the 'open-source' exploit kit, the page contains a long list of anonymous proxy servers near the bottom as well as stolen credit card numbers along with the login credentials of dozens of individuals," the M86 experts say about the forum post they found.

Drive-by download attacks launched from compromised legit websites are one of the primary malware distribution vectors used today.

They are widely preferred over other propagation channels because they result in a much higher infection rate and can last for longer if done properly.

Most attack toolkits are commercial in nature and cost significant sums of money; however, free alternatives like k0desploit do exist for people who are just starting their cyber criminal activity.

Users are advised to keep all of their software, including the operating system, up to date and to run an antivirus capable of scanning Web traffic at all times.