The Blackhole exploit kit is the most prevalent web threat. Its purpose is to deliver a malicious
payload to a victim's computer. The majority of infections due to this exploit
kit occur through a series of high-volume spam runs. The kit incorporates
tracking mechanisms so that the people maintaining the kit learn considerable
information about the victims, including each victim's country, operating
system, browser, and which piece of software on the victim's computer was
exploited.
Description
A Russian hacking forum first released the Blackhole
exploit kit. Blackhole is commercial crimeware designed to be stitched into hacked
or malicious sites and to exploit a variety of Web-browser vulnerabilities for the
purpose of installing malware of the customer's choosing. The price of renting
the kit ran from $500 to $700 each month. For an extra $50 a month, the
originators also rented customers "crypting" services, which are designed to
obfuscate malicious software so that it remains undetectable by antivirus
software.[1]
The Blackhole creator worked with several other
cybercriminals to purchase new exploits and security vulnerabilities that could
be rolled into Blackhole and help increase the success of the software.
Executive Guidance
A typical defense ensures that the browser, the browser's
plugins, and the operating system are up to date. Protection also includes running
a security utility with a good antivirus and a good host-based intrusion
prevention system. Because polymorphic code is used to generate variants of the
Blackhole exploit kit, antivirus signatures will lag behind the automated
generation of new variants. Changing the algorithm used to load malware onto
victims' computers, by contrast, takes more effort from the developers of this
exploit kit.
For comments please e-mail paul@strassmann.com