Cyber criminals have removed an attack kit from the web because its too expensive compared to other kits, and therefore not making a profit, said security analysts at RSA's FraudAction Research Labs.
The analysts said they had evidence that the makers of Neosploit, a well-known infection kit used by online criminals to apply multiple exploits against PCs, were abandoning the business.
RSA, which regularly monitored the forums and chatrooms where Neosploit's developers marketed their product, was confident that the group was giving up on the kit, although not on cybercrime.
"Even we assume that this isn't necessarily the end of this group," said Sean Brady, a product marketing manager in RSA's ID and access assurance group, which includes the FraudAction lab.
In a blog, RSA quoted a going-out-of-business message in Russian said to have originated with Neosploit's authors.
"Unfortunately, supporting our product is no longer possible," RSA's translation read. "We apologise for any inconvenience, but business is business since the amount of time spent on this project does not justify itself. Now we will not be with you, but nevertheless we wish that your businesses will prosper for a long time!"
According to RSA, updates to Neosploit, which had a reputation for being frequent, slowed this summer, with just one new version since early June. In April and May, Neosploit's makers released two updates.
RSA speculated that Neosploit's demise was driven by the same problems that face legitimate capitalism. "Our gut feeling is that their cost structure was out of whack given its functionality and the price of the competition," Brady said.
"It was entirely about price point. Many kits do succeed. They've been the genesis of the growth of phishing [attacks] and Trojan horses."
Brady wouldn't hazard a guess about recent prices Neosploit's developers charged for the kit, saying only that: "It apparently did have a high cost." Others, however, have previously pegged the price at between £500 and £1,500.
Roger Thompson, chief research officer of Czech Republic-based security vendor AVG Technologies, called the news of Neosploit's end "plausible".
"They were very vigorous at updating Neosploit, sometimes two or three times a month, and I haven't seen anything new from them for a couple of months now. That would explain it," he said.
NEXT PAGE: More on Neosploit