Another widely available toolkit in early 2007 - called MPack - sold online for $1,000 and allowed users to launch attacks in Web browsers against people who surf on malicious or compromised sites. In some cases it appeared to come with a support pack from its authors, Symantec said.
"The reliability and robustness of MPack implies that it benefited from professional development," researchers wrote.
Other researchers discovered more hopeful signs.
According to a report expected Monday from IBM Corp.'s Internet Security Systems X-Force researchers, the number of computer vulnerabilities either publicly disclosed by companies or discovered by threat researchers declined during the first half of the year.
IBM tallied 3,273 vulnerabilities - down 3.3 percent from the first half of last year. IBM said it was the first time the vulnerability numbers fell during the first half of the year since X-Force began cataloging them in 1997, when there were 106 known vulnerabilities.