Software used for years by hackers and criminals have now become mainstream and, as we have mentioned before, hacking and cyber crime have been professionalized. As such, tool kits that enable these activities have been packaged for sale and wide dispersion across the Internet. These cyber attack tool kits make it possible to automate hacking, espionage, fraud, and much more. These top hacking tools are now being sold for prices ranging from less than $100 and up to $50,000.
And you wont believe this: The most advanced packages come with customer service/support. In at least one case the package includes 12 months of technical support and updates to ensure the kits stay up to date on the latest web vulnerabilities.
Arguably the most advanced hacker tool kit is MPack. According to Intelomics, MPack is a PHP-based malware kit with high quality key-logging capabilities that sells for between $500 to $1,000 USD and the first version was released in December of 2006. It is believed to have been produced by RBN, a multi-faceted cybercrime organization and appears to come with support and monthly updates.
RBN and their support units provide scripts and executables to make MPack undetectable by antivirus software. Every time MPack is generated it looks different to the anti-virus engines and it often goes undetected. The modularization of delivery platform and malicious instructions is a growing design in cyber weapons. MPack is very popular and powerful. In June 2007, it was used by a single person to attack and compromise over 10,000 websites in a single assault.
FACT: In 2007 a new piece of malware was identified every 45 seconds.
These tools have become common place and are quite affordable. Paul Henry, VP at Secure Computing, estimates there are currently about 68,000 cyber attack tools available for download and the number is growing fast. In some cases these tool kits are sold under the heading of "Penetration Testing Products," a legitimate and useful product.
However, the automation that enables multi-site scanning and intrusion would have very little applicability in the real security testing world. Experts have estimated that the underground market for cyber attack tools is in the hundreds of millions of dollars worldwide.
Note: MPack should not be confused with mpack, which is a harmless command-line utility.
Common Cyber Weapons and Attack Tools:MPack, SQLNinja Shark 2, WFuzzNuclear, ProxyStrikeWebAttacker, WiresharkIcePack, httpReconJohn the Ripper, Exploit-MeUSB thief, BurpKismet, Metasploit