Researchers at RSA’s FraudAction Research Lab are reporting that the group behind the Neosploit malware infection tool kit may have thrown in the towel, which, if true, means an end to one of the badware industry’s most successful and high-profile business ventures thus far.
It’s hard to pinpoint exactly when researchers first noticed the malware development framework being sold on underground bulletin boards, but Neosploit has been around for at least the last two years or so.
And, as RSA experts point out, based on its ease of use, wide availability and relatively low buy-in cost (it’s typically offered for between $1,500 and $3,000) the tool kit has become one of the most popular framework-driven means of launching malware attacks over the course of its run.
More importantly, Neosploit paved the way for other professional-grade malware tool kits such as the MPack and IcePack frameworks, among others, with the manner in which it was marketed as a professionally supported product, offering active customer service and code updates just as companies provide for their legitimate software programs.
In that sense, Neosploit is seminal in that it helped establish the professional malware development model, which continues to flourish worldwide and will likely do so for many years to come, if not eternally.
However, RSA‘s researchers contend that the people behind Neosploit appear to have cut off support to their customers and do not plan to update the tool kit any further after releasing several smallish upgrades since mid-April.
According to the experts, the Neosploit team began distributing an “out of business” message to customers sometime in the last several weeks.
The missive reads (translated from Cyrillic):
“Unfortunately, supporting our product is no longer possible. We apologize for any inconvenience, but business is business since the amount of time spent on this project does not justify itself. We tried hard to satisfy our clients’ needs during the last few months, but the support had to end at some point. We were 1.5 years with you and hope that this was a good time for your business. Now we will not be with you, but nevertheless we wish that your businesses will prosper for a long time! Good luck all, The Neosploit Team!”
You can at least say these guys are professional until the end.
However, the downside to all of this is that it’s likely that Neosploit was only killed off by its own success, as the cost of supporting large volumes of customers made the project infeasible to continue to support.
“It is likely that Neosploit was finding it difficult to sustain its new customer acquisition rate, and that its existing customers were not generating enough revenue to sustain the prior rate of development. These problems appear to have been too much of a burden, and we now believe that the Neosploit development team has been forced to abandon its product,” RSA researchers said in their blog.
Ultimately, the people behind the project will probably figure out a smarter way to build their business and come back with something even better sometime soon — as RSA experts also pointed out.
“Like any responsible business, the Neosploit team is trying to be remembered as a good business that might one day return. Whether or not Neosploit will actually cease its business, and whether or not it will return, is a question that only time can answer,” the researchers said. “However, there’s no doubt that when the demand is high enough someone will step up to the plate and fulfill the need for a professional malware infection kit — Neosploit or not.”
We shall see, but I’d guess that they’re right on the money, in particular because Neosploit was “on the money” too, and lots of it.
Matt Hines has been following the IT industry for over a decade as a reporter and blogger, and has been specifically focused on the security space since 2003, including a previous stint writing for eWEEK and contributing to the Security Watch blog. Hines is currently employed as marketing communications manager at Core Security Technologies, a Boston-based maker of security testing software. The views expressed herein do not necessarily represent the views of Core Security, and neither the company, nor its products and services will be actively discussed in the blog. Please send news, research or tips to SecurityWatchBlog@gmail.com.