One might think that buying exploit code to create spyware would be sort of expensive. But it's not.
Security software maker Sophos reported that they found a site selling a spyware kit, WebAttacker, for $15. The kit comes with technical support and includes scripts that help automate the establishment of malicious Web sites. Intruders then send out mass mail inviting people to visit the site under various pretenses. When a person does visit then scripts try to infect the visitor's computer with a Trojan using a number of known vulnerabilities. The Trojan is typically designed to steal passwords and banking information, or log keystrokes.
The appearance of cheap kits such as WebAttacker will undoubtedly add to the number of people who turn to crime as a path towards "easy money."
"By simplifying the task of the potential hacker and making it available so cheaply, sites like this one will attract opportunists who aren't necessarily very skilled and turn them into cyber-criminals," said Carole Theriault, senior security consultant at Sophos. "\[A\]s long as the money continues to flow, there will be interested parties."