The Cool exploit kit is pricier and packs more zero-day and attack functions than the infamous BlackHole kit, researchers say.
It was thought to be launched in October by the BlackHole developers led by a Russian hacker with the online alias Paunch.
On Monday, security journalist Brian Krebs confirmed that Paunch acknowledged responsibility for the Cool exploit kit on a semi-private cyber crime forum.
Exploit kits are sold on the black market as a means of easily serving malware from compromised sites. The kits often deliver exploits for vulnerabilities, both of the publicly known and unknown variety, in widely deployed software, such as Java or Adobe.
It's believed that Cool's hefty price tag – $10,000 a month, compared to the BlackHole kit's substantially lower cost of around $500 a month – covers the cyber crime group's $100,000 investment in zero-days for clients.
Blue Coat web security analyst Jeff Doty told SC other exploit kits have tried to replace BlackHole's influence in the market but none have grown at the pace as the Cool exploit kit.
“In the last couple of years, there have been a lot of exploit kits, but we block the IP addresses and we usually don't see too much from them after that,” Doty said.
“They don't grow as much as this Cool exploit kit. They also don't seem to be coded as well.”
Blue Coat researchers discovered that during last month alone, 204 new servers were hosting compromised web pages that delivered the Cool exploit kit to visitors.
In the same month, Blue Coat detected only 32 new servers hosting malicious pages serving up BlackHole.