Attack toolkits are bundles of malicious code tools used to facilitate the launch of concerted and widespread attacks on networked computers. Also known as crimeware, these kits are usually composed of prewritten malicious code for exploiting vulnerabilities along with various tools to customize, deploy, and automate widespread attacks, such as command-and-control (C&C) server administration tools.

As with a majority of malicious code in the threat landscape, attack kits are typically used to enable the theft of sensitive information or to convert compromised computers into a network of zombie bots (botnet) in order to mount additional attacks. These kits are advertised and sold in the online underground economy—a black market of servers and forums used to advertise and trade stolen information and services.

Symantec has found that attack kits are significantly advancing the evolution of cybercrime into a self-sustaining, profitable, and increasingly organized economic model worth millions of dollars.