Exploit kits are involved nowadays in most malware attacks aimed at individual users.
Such tools are a class of server-side malware used by professional cybercriminals to efficiently attack and deliver malware payloads over the Web to large numbers of users on different hardware, operating system and browser configurations. Exploit kits use sophisticated techniques to evade detection both by antivirus software and malicious site blocking (safe-browsing) systems. In this presentation, we analyze some exploit kit samples collected in the wild, to reveal an entire underground market ecosystem of these software, complete with complex licensing schemes, customer support, and even affiliate programmes. We then demonstrate how an enterprising cybercriminal may attempt to get an upper hand in the competition of exploit kits by enhancing their copy with custom modifications.