The Blackhole Exploit Kit, one of the more popular methods of delivering criminal malware to unsuspecting users, has run into a number of difficulties in the last few days. The leading crimeware kit, which has usually been updated as often as twice a day to stay ahead of antivirus detection rules, has not been updated in over a week. This comes amid rumors of the arrest of “Paunch”, the kit’s creator, in Russia. Russian authorities have confirmed the arrest to Europol and news agencies.
The Blackhole kit is by far the most popular exploit injection architecture in recent use, and typically operates through using infected sites to foist java vulnerabilities and criminal malware on unsuspecting surfers, though it has also been used to attack users through phishing emails with links to malicious sites. While other services are used to manage the development of the specific exploit payloads (Zeus is a standout in this category), the objective of the Blackhole kit and similar programs is serving these payloads up to users using java and other platform vulnerabilities. The arrest of “Paunch” will no doubt lead to the market migrating to other service providers. It must be remembered that this niche is incredibly lucrative- user licenses for Blackhole cost up to $50 per day, or $500 per month.
Dan Gifford – MCySec Media Manager