Video: How a crimepack works

James Lyne of Sophos gives us a demonstration of how an exploit kit operates and reveals what kind of techniques and information cybercriminals are using to infect computers.

Cybercriminals are as organized and industrious as any legitimate business. Case in point: exploit kits, also known as crimepacks, which bad guys can purchase and which make infecting computers with malware as simple as point and click. The software, often available for purchase for only a few hundred dollars, also gives the criminal comprehensive, real-time information about the machines it has impacted.

With an exploit kit, criminals can "get new malware, infect web sites, build business intelligence and manage an overall malicious campaign," according to James Lyne, director of technology strategy for security firm Sophos.

In this video, Lyne walked us through the dashboard of a crimepack that has been around for several years called IcePack, and gave an overview of how the exploit works and the information contained in the reporting interfaces.

Lyne notes the kit reveals just how crafty criminals have become in covering their tracks, too.

"If I try to access this campaign again for a second time, I am automatically redirected to a URL that doesn't exist," he explained. "The bad guys have black-holed me so I can no longer get new copies of the malware and it is therefore hard to get information about their campaign."

Much like the blacklists used by antivirus software makers, criminals are creating what Lyne calls "good-guy blacklists," to keep security vendors and analysts at bay.

"The techniques we're using against them in 2011 and 2012, they are using back against us," he said.