According to Atlanta, Gerogia-based Exploit Prevention Labs, a multi-exploit hack pack was behind 70.9% of all Web-based attacks throughout December 2006. The kit includes up to a dozen different exploits, including several derived from the proof-of-concept code published in July 2006 by HD Moore as a part of the "Month of Browser Bugs" project. The package"s heavy encryption prevents the determination of the exact number of exploits within, according to Exploit Prevention"s CEO, Roger Thompson.
"The dominance of this package reinforces the fact that the development and release of exploits frequently parallels legitimate software businesses. The bad guys are working hard to update and release tweaks to existing exploits at least in part because developing a new exploit is a complex development task," said Thompson.