Anatomy of Exploit Kits

Preliminary Analysis of Exploit Kits as Software Artefacts

  • Conference paper
Engineering Secure Software and Systems (ESSoS 2013)

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 7781)

Abstract

In this paper we report a preliminary analysis of the source code of over 30 different exploit kits which are the main tool behind drive-by-download attacks. The analysis shows that exploit kits make use of a very limited number of vulnerabilities and in a rather unsophisticated fashion. Their key strength is rather their ability to support “customers” in avoiding detection, monitoring traffic, and managing exploits.

Work partly supported by the European Union by the Erasmus Mundus Action 2 Programme and the Project EU-FP7-SEC-CP-SECONOMICS.




Copyright information

© 2013 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Kotov, V., Massacci, F. (2013). Anatomy of Exploit Kits. In: Jürjens, J., Livshits, B., Scandariato, R. (eds) Engineering Secure Software and Systems. ESSoS 2013. Lecture Notes in Computer Science, vol 7781. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-36563-8_13


  • DOI: https://doi.org/10.1007/978-3-642-36563-8_13

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-36562-1

  • Online ISBN: 978-3-642-36563-8

  • eBook Packages: Computer Science, Computer Science (R0)
