Russia dominating automated malware kit market

Phishing kits can be bought for as little as $400

Russia is dominating the market for automated malware creation kits that are sold online to phishers and data thieves.

A new report from M86 Security, entitled Web Exploits: There's an App for That (PDF), found that the majority of new malware creation kits, such as Adpack and Fragus, are being sold in Russia.

The company had seen a big increase in the size and complexity of such kits, and said that more than a dozen had launched in the past six months.

"People can launch attacks without even knowing a line of code, and the infrastructure now exists to pay the attacker per exploit achieved," said Bradley Anstis, vice president of technology strategy at M86 Security.

"With an attack kit there is literally 'an app for that' and it is driving the explosive growth in internet-borne threats such as spam and zero-day attacks with new kits popping up every day."

Software to automatically generate malware has been around for some years, but has now evolved into a complex business.

Some kits just offer code generation, while others sell full-service packages that update the creation engine to keep ahead of security companies.

Prices for the kits range from $400 to $1,000 (£260 to £650) and additional hosting services are often offered in case the attacker's primary site is taken down.

The report also found a thriving trade in third-party payments, where attackers receive a commission based on the amount of third-party malware installed on a victim's system.

The price varies based on geography. Infecting 1,000 computers in the US, for example, would net the attacker $170 (£110), compared to $110 (£72) in the UK and $50 (£32) in Europe and Australia.