Cyber criminals have removed an attack kit from the web because it's too expensive compared to other kits, said security analysts at RSA's FraudAction Research Labs.
Neosploit, which first appeared in 2007, was a follow-on to the earlier MPack, and a contemporary of another exploit kit, WebAttacker. Neosploit shared traits with other hacker tools in that it was modular and could be easily modified to include attack code aimed at the newest vulnerabilities in Windows, Internet Explorer or third-party software such as Apple's QuickTime. But it also boasted features new to the click-to-attack business, including a sophisticated statistical analysis of exploit success.
At times, Neosploit, which was always assumed to have been created by one or more Russian hackers, was linked to the notorious Russian Business Network (RBN), a malware and hacker hosting network once based in St Petersburg.
Brady, however, said Neosploit's most distinguishing feature wasn't on the technical side. "The branding they had associated with it," he answered, when asked to describe what made Neosploit stand out. "The product worked as advertised, but it was more than anything a very credible brand."
Neither Thompson nor Brady expected the departure of Neosploit to dramatically change the security picture. "The Neosploit guys were somewhat innovative, so I'm perfectly happy to hear they're going out of business," Thompson said. "So the world is a little safer. But based on the increased activity we see, someone is making money somewhere."
"The market [for exploit kits] will continue," Brady said, "and [hackers] will continue to develop the latest and the greatest exploits. This is really no different than your average legitimate product, where one particular provider had a business model that didn't work."