Yuval Ben-Itzhak, Finjan chief technology officer, said today that the toolkit uses three different methods of obfuscation to avoid detection and is simple to use.
“It's a very successful model. You no longer have to be a computer expert or have computer-science skills. You can pay $100 and have it put on a server you've already compromised,” he told SCMagazineUS.com today. “[The toolkits] have online reporting and they have automatic updates, so if Microsoft pushes a patch, they can make an adjustment.”
The toolkit targets users by embedding dynamic malicious script into the websites themselves. About 80 percent of pages hosting malicious software or drive-by downloads in 2007 were part of legitimate sites, according to Finjan.
The embedded malicious code does not appear on the trusted site after an end-user's first visit, making the malware difficult to track, according to researchers at the San Jose, Calif.-based anti-virus vendor.
Two months ago, researchers at Exploit Prevention Labs, now a part of Grisoft, discovered malicious banner ads on the websites of Major League Baseball and the National Hockey League.
Finjan last week warned end-users that cybercriminals are on the verge of creating trojans designed specifically to take advantage of Web 2.0 technologies and social networking websites.
Ben-Itzhak said the toolkit is still serving malware to unsuspecting end-users.
“It's still active. We first noticed it in mid-December and our servers indicated it's still alive and kicking,” he said. “It was serving as much as 14 million banners a week and almost all of them were malicious.”