With web malware exploitation kits continuing to represent the attack method of choice for the majority of cybercriminals, thanks to the overall susceptibility of end and enterprise users to client-side exploitation attacks, it's always worth taking a peek inside them from the perspective of the malicious attacker.
In this post, we'll take a peek inside three web malware exploitation kits, and discuss what makes them tick in terms of infected OSs, browser plugins and client-side exploits.
Dragon Exploit Pack
The Dragon Exploit Pack has 45 successful loads based on 587 unique visitors, with the JavaJDK exploit executed successfully 42 times. The kit is counting 13 successful loads on MSIE 8, and another 20 on Firefox, with 14 successful loads recorded for Windows XP, 2 on Windows XP SP2, 12 on Windows Vista and 15 on Windows 7.
Katrin Exploit Pack
The kit is counting 452 successful exploitation attempts against MSIE 5, 786 against MSIE 7, 1198 against MSIE 8, 274 against Chrome, 522 against Firefox, 24 against Opera and 14 against Safari. The majority of loads have affected Windows XP installations, with 2107 successful loads targeting the OS, followed by 625 on Windows Vista, and 503 on Windows 7.
Liberty Exploit Pack
Bleeding Life Exploit Pack
The majority of the infected population is based in the U.S., United Kingdom, Qatar, and Malaysia. Windows XP has the highest market share of infected OSs, with 336 successful loads based on 2098 unique visitors, followed by Windows 7 with 139 loads based on 1256 unique visitors, and Windows Vista with 73 unique loads based on 719 unique visitors.
This post has been reproduced from Dancho Danchev's blog.