Hackers shut down Neosploit attack kit

Well-known infection kit used by cyber criminals abandoned.

A noted hacker attack kit has been retired from service by its criminal creators, most likely because it was priced too high compared to the competition, researchers said Tuesday.

Last week, security analysts at RSA's FraudAction Research Labs said they had evidence that the makers of Neosploit, a well-known infection kit used by online criminals to apply multiple exploits against PCs, -- were abandoning the business.

RSA, which regularly monitored the forums and chat rooms where Neosploit's developers marketed their product, was confident that the group was giving up on the kit, though not on hacking. "Even we assume that this isn't necessarily the end of this group," said Sean Brady, a product marketing manager in RSA's ID and access assurance group, which includes the FraudAction lab.

In its blog post, RSA quoted a going-out-of-business message in Russian said to have originated with Neosploit's authors. "Unfortunately, supporting our product is no longer possible," RSA's translation read. "We apologize for any inconvenience, but business is business since the amount of time spent on this project does not justify itself. Now we will not be with you, but nevertheless we wish that your businesses will prosper for a long time!"

According to RSA, updates to Neosploit, which had a reputation for frequent updates, slowed this summer, with just one new version since early June. In April and May, Neosploit's makers released two updates.

RSA speculated that Neosploit's demise was driven by the same problems that face legitimate capitalism. "Our gut feeling is that their cost structure was out of whack given its functionality and the price of the competition," Brady said. "It was entirely about price point. Many kits do succeed. They've been the genesis of the growth of phishing [attacks] and Trojan horses."

Brady wouldn't hazard a guess about recent prices Neosploit's developers charged for the kit, saying only that: "It apparently did have a high cost." Others, however, have previously pegged the price at between US$1,000 and $3,000.

Roger Thompson, chief research officer of Czech Republic-based security vendor AVG Technologies, called the news of Neosploit's end "plausible," via instant messaging. "They were very vigorous at updating Neosploit, sometimes two or three times a month, and I haven't seen anything new from them for a couple of months now. That would explain it," he said.

Neosploit, which first appeared in 2007, was a follow-on to the earlier MPack, and a contemporary to another exploit kit, WebAttacker. Neosploit shared traits with other hacker tools in that it was modular and could be easily modified to include attack code aimed at the newest vulnerabilities in Windows, Internet Explorer or third-party software such as Apple's QuickTime. But it also boasted features new to the click-to-attack business, including a sophisticated statistical analysis of exploit success.

At times, Neosploit, which was always assumed to have been created by one or more Russian hackers, was linked to the notorious Russian Business Network (RBN), a malware and hacker hosting network once based in St. Petersburg.

Brady, however, said Neosploit's most distinguishing feature wasn't on the technical side. "The branding they had associated with it," he answered, when asked to describe what made Neosploit stand out. "The product worked as advertised, but it was more than anything a very credible brand."

Neither Thompson nor Brady expected the departure of Neosploit to dramatically change the security picture. "The Neosploit guys were somewhat innovative, so I'm perfectly happy to hear they're going out of business," Thompson said. "So the world is a little safer. But based on the increased activity we see, someone is making money somewhere."

"The market [for exploit kits] will continue," Brady said, "and [hackers] will continue to develop the latest and the greatest exploits. This is really no different than your average legitimate product, where one particular provider had a business model that didn't work."

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.
Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Gregg Keizer

Computerworld
Show Comments

Brand Post

Most Popular Reviews

Latest Articles

Resources

PCW Evaluation Team

Luke Hill

MSI GT75 TITAN

I need power and lots of it. As a Front End Web developer anything less just won’t cut it which is why the MSI GT75 is an outstanding laptop for me. It’s a sleek and futuristic looking, high quality, beast that has a touch of sci-fi flare about it.

Emily Tyson

MSI GE63 Raider

If you’re looking to invest in your next work horse laptop for work or home use, you can’t go wrong with the MSI GE63.

Laura Johnston

MSI GS65 Stealth Thin

If you can afford the price tag, it is well worth the money. It out performs any other laptop I have tried for gaming, and the transportable design and incredible display also make it ideal for work.

Andrew Teoh

Brother MFC-L9570CDW Multifunction Printer

Touch screen visibility and operation was great and easy to navigate. Each menu and sub-menu was in an understandable order and category

Louise Coady

Brother MFC-L9570CDW Multifunction Printer

The printer was convenient, produced clear and vibrant images and was very easy to use

Edwina Hargreaves

WD My Cloud Home

I would recommend this device for families and small businesses who want one safe place to store all their important digital content and a way to easily share it with friends, family, business partners, or customers.

Featured Content

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?