"The relative simplicity and effectiveness of attack kits has contributed to their increased use in cybercrime.
"These kits are now being used in the majority of malicious internet attacks."
The underground economy was booming because of the tool kits.
Once, hackers and malware writers only wanted the fame of being recognised in the media.
Now, they wanted to make a lot of money, he said in an interview.
One major kit - ZeuS - posed a serious threat to small businesses.
The main objective of ZeuS was to steal bank account credentials.
Unfortunately, smaller businesses had fewer safeguards in place to guard their financial transactions, making them a prime target for ZeuS.
The profitability of malicious code attacks using ZeuS was recently illustrated with the arrests of a ring of cybercriminals which allegedly used a ZeuS botnet in the theft of more than $US70 million ($NZ90.9 million) from online banking and trading accounts over an 18-month period, Mr Sparkes said.
In past years, banks and financial institutions had been the main target of malicious attacks, but now smaller businesses had to put in the same sorts of defence safeguards as the larger organisations.
As cyber-attacks had become more profitable, the popularity of attack kits had dramatically increased.
"This in turn has led to increasingly robust and sophisticated kits."
The kits were now often sold on a subscription-based model with regular updates, components that extended capabilities and support services.
Cybercriminals routinely advertised installation services, rented limited access to kit consoles and used commercial anti-piracy tools to prevent attackers from using the tools without paying, he said.
The speed at which new vulnerabilities and their exploits were spread had increased due to innovations that attack kit developers had integrated into their products.
Attack kits were now easy to update, which allowed developers to quickly add exploit codes.
"The result is that some exploits are in the wild just days after the associated vulnerability becomes public.
"Attackers who can easily update their attack kits with recent exploits are able to target potential victims before they apply necessary patches."
Because attack kits were becoming easier to use, cybercrime was no longer limited to those with advanced programming skills, Mr Sparkes warned users.
Participants now included a mix of individuals with computer skills and those with expertise in traditional criminal activities, such as money laundering.
It was unlikely that individuals would act alone in buying the kits, with ZeuS 2.0 advertised for sale in the United States last year at $US8000, he said.
Individuals with specialised skills were more likely to band together to form a larger group and attack on several levels.
The first tool kits were seen in 1992 and were "fairly unsophisticated".
In the past two years, the tool kits had become much more sophisticated and more widely used.
As the sophistication of the tool kits increased, Symantec increased the sophistication of its protection to the next level, he said.
Symantec expected a much larger pool of criminals to enter the "business" which would lead to an increase in the number of attacks.
Many of the tool kits were being written in developing nations as the information technology infrastructure developed and education levels improved.
China and Russia were the leading developers of the tool kits but it was possible for someone in New Zealand or Australia to hide themselves virtually in Eastern European countries if they were developing the kits, Mr Sparkes said.
There had been a lot of work between Western nations to stop cybercrime but many other countries were less vigilant on cyber law, he said.
Symantec recommended internet users ensure their patches were up to date, their security software was updated regularly and they put in blocks for malicious web pages.