Shostack + Friends Blog Archive


Exploit Kit Statistics

On a fairly regular basis, I come across pages like this one from SANS, which contain fascinating information taken from exploit kit control panels:

Exploit Kit Control panel

There’s all sorts of interesting numbers in that picture. For example, the success rate for owning XP machines (19.61%) is three times that of Windows 7. (As an aside, the XP number is perhaps lower than “common wisdom” in the security community would have it.) There are also numbers for the success rates of exploits, ranging from Java OBE at 35% down to MDAC at 1.85%.

That’s not the only captured control panel. There’s more, for example, M86, Spider Labs and webroot.

I’m fascinated by these numbers, and have two questions:

  • Is anyone capturing the statistics shown and running statistics over time?
  • Is there an aggregation of all these captures? If not, what are the best search terms to find them?

One comment on "Exploit Kit Statistics"

  • Automated Controlled Systems says:

    Interesting article. I think that this information needs to be better utilized like you said.

Comments are closed.