Malware analysts received unrestricted access to the components of the GhostDNS exploit kit after the malware package essentially fell into their lap. The complete source code for the malware kit and multiple phishing pages, all compressed in a RAR archive, was uploaded to a file-sharing platform by a careless user with obvious cybercriminal intentions. The uploader, however, did not protect the archive with a password and had Avast antivirus installed and left active the Web Shield component, which protects against malicious web content. Avast found only eight usernames and passwords, all being the most used in Brazil.
Source: https://www.bleepingcomputer.com/news/security/ghostdns-exploit-kit-source-code-leaked-to-antivirus-company/