HOME

TheInfoList



Click Here for Items Related To - Blackhole exploit kit
OR:
Blackhole exploit kit on:   [Wikipedia]   [Google]   [Amazon]

The Blackhole exploit kit was, as of 2012, the most prevalent
web threat A web threat is any threat that uses the World Wide Web to facilitate cybercrime. Web threats use multiple types of malware and fraud, all of which utilize HTTP or HTTPS protocols, but may also employ other protocols and components, such as links ...
, where 29% of all web threats detected by
Sophos Sophos Group plc is a British based security software and hardware company. Sophos develops products for communication endpoint, encryption, network security, email security, mobile security and unified threat management. Sophos is primarily ...
and 91% by AVG are due to this
exploit kit An exploit kit is a tool used for automatically managing and deploying exploits against a target computer. Exploit kits allow attackers to deliver malware without having advanced knowledge of the exploits being used. Browser exploits are typica ...
. Its purpose is to deliver a malicious
payload Payload is the object or the entity which is being carried by an aircraft or launch vehicle. Sometimes payload also refers to the carrying capacity of an aircraft or launch vehicle, usually measured in terms of weight. Depending on the nature of ...
to a victim's computer. According to
Trend Micro is an American-Japanese multinational cyber security software company with global headquarters in Tokyo, Japan and Irving, Texas, United State.Other regional headquarters and R&D centers are located around East Asia, Southeast Asia, Europe, and ...
the majority of infections due to this exploit kit were done in a series of high volume
spam Spam may refer to: * Spam (food), a canned pork meat product * Spamming, unsolicited or undesired electronic messages ** Email spam, unsolicited, undesired, or illegal email messages ** Messaging spam, spam targeting users of instant messaging ( ...
runs. The kit incorporates tracking mechanisms so that people maintaining the kit know considerable information about the victims arriving at the kit's
landing page In online marketing, a landing page, sometimes known as a "lead capture page", "single property page", "static page", "squeeze page" or a "destination page", is a single web page that appears in response to clicking on a search engine optimized se ...
. The information tracked includes the victim's country,
operating system An operating system (OS) is system software that manages computer hardware, software resources, and provides common services for computer programs. Time-sharing operating systems schedule tasks for efficient use of the system and may also in ...
, browser and which piece of software on the victim's computer was exploited. These details are shown in the kit's user interface.


History

Blackhole exploit kit was released on "Malwox", an underground Russian hacking forum. It made its first appearance in 2010. The supposedly Russian creators use the names "HodLuM" and "Paunch". It was reported on October 7, 2013 that "Paunch" had been arrested. Dmitry "Paunch" Fedotov was sentenced to seven years in a Russian penal colony on April 12, 2016.


Function

# The customer licenses the Blackhole exploit kit from the authors and specifies various options to customize the kit. # A potential victim loads a compromised web page or opens a malicious link in a spammed email. # The compromised web page or malicious link in the spammed email sends the user to a Blackhole exploit kit server's landing page. # This landing page contains obfuscated
JavaScript JavaScript (), often abbreviated as JS, is a programming language that is one of the core technologies of the World Wide Web, alongside HTML and CSS. As of 2022, 98% of Website, websites use JavaScript on the Client (computing), client side ...
that determines what is on the victim's computers and loads all exploits to which this computer is vulnerable and sometimes a
Java Java (; id, Jawa, ; jv, ꦗꦮ; su, ) is one of the Greater Sunda Islands in Indonesia. It is bordered by the Indian Ocean to the south and the Java Sea to the north. With a population of 151.6 million people, Java is the world's List ...
applet In computing, an applet is any small application that performs one specific task that runs within the scope of a dedicated widget engine or a larger program, often as a plug-in. The term is frequently used to refer to a Java applet, a program w ...
tag that loads a Java Trojan horse. # If there is an exploit that is usable, the exploit loads and executes a payload on the victim's computer and informs the Blackhole exploit kit server which exploit was used to load the payload.


Defenses

A typical defensive posture against this and other advanced malware includes, at a minimum, each of the following: * Ensuring that the browser, browser's plugins, and operating system are up to date. The Blackhole exploit kit targets vulnerabilities in old versions of browsers such as
Firefox Mozilla Firefox, or simply Firefox, is a free and open-source web browser developed by the Mozilla Foundation and its subsidiary, the Mozilla Corporation. It uses the Gecko rendering engine to display web pages, which implements current and ...
,
Google Chrome Google Chrome is a cross-platform web browser developed by Google. It was first released in 2008 for Microsoft Windows, built with free software components from Apple WebKit and Mozilla Firefox. Versions were later released for Linux, macOS ...
,
Internet Explorer Internet Explorer (formerly Microsoft Internet Explorer and Windows Internet Explorer, commonly abbreviated IE or MSIE) is a series of graphical user interface, graphical web browsers developed by Microsoft which was used in the Microsoft Wind ...
and
Safari A safari (; ) is an overland journey to observe wild animals, especially in eastern or southern Africa. The so-called "Big Five" game animals of Africa – lion, leopard, rhinoceros, elephant, and Cape buffalo – particularly form an importa ...
as well as many popular plugins such as
Adobe Flash Adobe Flash (formerly Macromedia Flash and FutureSplash) is a multimedia Computing platform, software platform used for production of Flash animation, animations, rich web applications, application software, desktop applications, mobile apps, mo ...
,
Adobe Acrobat Adobe Acrobat is a family of application software and Web services developed by Adobe Inc. to view, create, manipulate, print and manage Portable Document Format (PDF) files. The family comprises Acrobat Reader (formerly Reader), Acrobat (forme ...
and
Java Java (; id, Jawa, ; jv, ꦗꦮ; su, ) is one of the Greater Sunda Islands in Indonesia. It is bordered by the Indian Ocean to the south and the Java Sea to the north. With a population of 151.6 million people, Java is the world's List ...
. * Running a security utility with a good antivirus ''and'' good host-based intrusion prevention system (HIPS). Due to the
polymorphic code In computing, polymorphic code is code that uses a polymorphic engine to mutate while keeping the original algorithm intact - that is, the ''code'' changes itself every time it runs, but the ''function'' of the code (its semantics) will not chang ...
used in generating variants of the Blackhole exploit kit, antivirus signatures will lag behind the automated generation of new variants of the Blackhole exploit kit, while changing the algorithm used to load malware onto victims' computers takes more effort from the developers of this exploit kit. A good HIPS will defend against new variants of the Blackhole exploit kit that use previously known algorithms.


See also

*
Backdoor (computing) A backdoor is a typically covert method of bypassing normal authentication or encryption in a computer, product, embedded device (e.g. a home router), or its embodiment (e.g. part of a cryptosystem, algorithm, chipset, or even a "homunculus compu ...
*
Botnet A botnet is a group of Internet-connected devices, each of which runs one or more bots. Botnets can be used to perform Distributed Denial-of-Service (DDoS) attacks, steal data, send spam, and allow the attacker to access the device and its conn ...
*
Computer virus A computer virus is a type of computer program that, when executed, replicates itself by modifying other computer programs and inserting its own code. If this replication succeeds, the affected areas are then said to be "infected" with a compu ...
*
Exploit Exploit means to take advantage of something (a person, situation, etc.) for one's own end, especially unethically or unjustifiably. Exploit can mean: *Exploitation of natural resources *Exploit (computer security) * Video game exploit *Exploitat ...
*
HackTool.Win32.HackAV A key generator (key-gen) is a computer program that generates a product licensing key, such as a serial number, necessary to activate for use of a software application. Keygens may be legitimately distributed by software manufacturers for lic ...
*
MPack (software) In computer security, MPack is a PHP-based malware kit produced by Russian crackers. The first version was released in December 2006. Since then a new version is thought to have been released roughly every month. It is thought to have been used ...
*
Spyware Spyware (a portmanteau for spying software) is software with malicious behaviour that aims to gather information about a person or organization and send it to another entity in a way that harms the user—for example, by violating their privac ...
*
Trojan horse (computing) In computing, a Trojan horse is any malware that misleads users of its true intent. The term is derived from the Ancient Greek story of the deceptive Trojan Horse that led to the fall of the city of Troy. Trojans generally spread by some form ...
*
DarkComet DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur (known as DarkCoderSc), an independent programmer and computer security coder from France. Although the RAT was developed back in 2008, it began to proliferate at the sta ...
– (Trojan / RAT)


References

Trojan horses Malware toolkits {{Malware-stub