The Windows Club

What are Exploits and Exploit Kits?

We have seen what is meant by Security Vulnerabilities in computer parlance. Today we will see what is an Exploit and what are Exploit Kits. When a vulnerability is detected, an exploit follows, until a patch is issued to address the vulnerability. This is the basic difference in vulnerabilities and exploits. Now let us see them in a bit more detail – what are exploits and exploit kits.

A patch in time helps in preventing exploits. At the time of writing this article, the POODLE vulnerability was the biggest vulnerability known to people which made SSL 3.0 prone to exploits.

What are Exploits

Exploits are based on vulnerabilities – before they are patched. They allow hackers and attackers to run malicious code on your computer, without you even bing aware of it. The common Exploits our in Java, Doc & PDF documents, JavaScript and HTML.

One can define exploits as:

Attacks on a system (where the system can be part of computer, a computer, or a network as a whole; it can be software or hardware – including Intranets and databases thereof) to make use of a certain vulnerability of the system for personal/own benefits/advantages.

Thus, it is clear that “exploits” follow “vulnerabilities”. If a web criminal detects a vulnerability in any of the products on the Internet or elsewhere, she or he may attack the system containing the vulnerability to gain something or to deprive authorized users from using the product properly. A Zero-day vulnerability is a hole in software, firmware or hardware that is not yet known to the user, vendor or developer, and is exploited by hackers, before a patch for it is issued. Such attacks are called Zero-day exploits.

What are Exploit Kits

Exploit Kits are malicious toolkits that can be used to exploit vulnerabilities or security holes found in software and services. In short, they help you exploit vulnerabilities. These exploit kits contain good GUI interface to help even average users of the computer and Internet to target different vulnerabilities. Such kits are these days available freely on the Internet and come with Help documents, so that the buyers of the service can use the kits effectively. They are illegal, but are yet available and security agencies cannot do much about it, as the buyers and sellers go anonymous.

Commercial exploit kits have existed since at least 2006 in various forms, but early versions required a considerable amount of technical expertise to use, which limited their appeal among prospective attackers. This requirement changed in 2010 with the initial release of the Blackhole exploit kit, which was designed to be usable by novice attackers with limited technical skills—in short, anyone who wanted to be a cybercriminal and could afford to pay for the kit, says Microsoft.

Exploit kits are readily available on the Internet. You need not go into the Darknet or Deepnet to purchase an exploit kit as a standalone software or as a SaaS (software as a service). Though there is much available in the Darknet, payments are to be made in electronic currency such as the Bitcoins. There are many malicious hacker forums on the normal Internet that sell the exploit kits as a whole or as a service.

According to Microsoft,

“In addition to one-on-one transactions in which buyers purchase exclusive access to exploits, exploits are also monetized through exploit kits—collections of exploits bundled together and sold as commercial software or as a service.”

The exploit kits are constantly upgraded – to eliminate vulnerabilities that have been patched and to add new exploits for new vulnerabilities. It is a pity that the web criminals find out vulnerabilities, before the software vendors and developers do it. This makes it a high income business that lures many into purchasing the kits and exploiting the different products for their own advantage. The main software targeted are Windows, Java, Internet Explorer, Adobe Flash, etc – possibly due to their immense popularity and usage. You can see the graph below to know what percentage of exploit kits is targeted towards which products.

Apart from keeping your operating system and installed software up-to-date at all times and installing a good Internet security software, tools like Enhanced Mitigation Experience Toolkit, Secunia Personal Software InspectorSecPod Saner FreeMicrosoft Baseline Security Analyzer, Protector Plus Windows Vulnerability Scanner, Malwarebytes Anti-Exploit Tool and ExploitShield can help you identify and patch vulnerabilities and protect yourself against such attacks.