Help Net Security – (International) Exploit kit authors thrive due to PoC code released by whitehats. Having spent the last year following the development of the Blackhole exploit kit, a Sophos researcher says the last few zero-day exploits added to it were all the work of whitehat researchers who published their own exploit code online. In one particular case, the Blackhole author practically copy-pasted the published code into his exploit kit's code.
"The author of the Blackhole exploit kit seems to be more comfortable as a system integrator and Web application developer than anything else, and is far from being a hardcore vulnerability researcher," he comments. Other researchers have noted a similar pattern. A little over a year ago, iSec Partners researchers analyzed the (at the time) top 15 exploit kits, and discovered that of the 13 exploits the kits used, 3 were developed and used by attackers engaged in so-called advanced persistent threats (APTs), and 10 were developed by whitehats.