Exploit(-kits)Exploits are pieces of code, sequences of commands, or collections of data. Exploit kits are collections of exploits, typically: fileless malware. They are used to take advantage of vulnerabilities in an operating system or an installed application. They can be injected directly into memory. Not all vulnerabilities can be easily exploited. Sometimes the nature of a particular vulnerability is such that hackers can't figure out how to write code that exploits it. Though an exploit attack can contain malware, the exploit itself is not malicious, but an attacker can use an exploit to gain access to a computer system and then install malware on it.
Typically, a victim is lured through a phishing e-mail or social engineering. The exploit kit usually includes exploits for a number of vulnerabilities and a management console that the attacker can use to control the system. In some cases, the exploit kit will include the ability to scan the targeted system for vulnerabilities and then craft and launch a customized exploit on the fly.