"They are starting to pop up left and right," said Tim Eades from security company Sana, of the sites offering downloadable hacking tools. "It's the classic verticalisation of a market as it starts to mature."
For instance, 500 British pounds will get you MPack, a notorious tool that was able to compromise 10,000 website in a single attack. Bad guys also provide customized coding services to write programs that security software won't identify.
MPack is offered with regular upates and a statistics package so you know how successful you've been. And don't forget the volume pricing schemes and loyalty discounts.
"It's almost a play-by-play of good business practices of software marketing," he said. "When it comes to the hacking industry and level of business acumen there's no limit to what your money can buy."
The market for the tools, increasing numbers of which require little technical expertise, is enabled by the huge amount of vulnerabilities and the long delays in patching them, said Paul Henry, vice president of technology evangelism at Secure Computing.
"MPack used more than 12 different vulnerabilities that were launched against any web browser that visited any compromised site," he said.
The software business is risk-free for the developers. They need merely attach "a disclaimer that this was distributed for educational purposes and the user accepts any responsibility for any misuse," Henry said.