A new exploit kit called the ‘Cool Exploit Kit’ has been spotted with a rising number of detections over the past few months.
Said to be similar to the notorious Blackhole exploit kit but priced at ten times as much, the Cool kit costs £6,000 a month, while Blackhole and other exploit kits can run anywhere from £300 to £934 a month. The price comes with major investment in new exploits that will be used exclusively by Cool and not made public.
According to research by Blue Coat and security blogger Brian Krebs, the Cool kit was created by the same group that created Blackhole, led by the Russian ‘Paunch’.
Blue Coat's Chris Larsen and Jeff Doty said that Cool's rise to power has been impressive, as servers in the mixed-kit network greatly outnumber the servers that are hosting solely one type of exploit kit. “I haven't looked at all of them, but from a high-level perspective, it looks like most of them are hosting the Cool kit,” they said.
“We have also seen a couple of large IP subnets that are hosting a mix of Blackhole and Cool exploit kit sites.”
Krebs said in a recent blog post that Cool is being used in ransomware attacks and that, when he talked with members of Paunch, they emphasised that they would not buy exploits that were already public.
“It's unclear how many takers Paunch is attracting to Cool Exploit Kit with its hefty price tag, but according to Kafeine and others, the new kit is being used exclusively by two different crimeware gangs,” he said.