Blackhole exploit kit
   HOME

TheInfoList



Click Here for Items Related To - Blackhole exploit kit
OR:
Blackhole exploit kit on:   [Wikipedia]   [Google]   [Amazon]

The Blackhole exploit kit was, as of 2012, the most prevalent web threat, where 29% of all web threats detected by Sophos and 91% by AVG are due to this exploit kit. Its purpose is to deliver a malicious payload to a victim's computer. According to
Trend Micro is an American-Japanese multinational cyber security software company with global headquarters in Tokyo, Japan and Irving, Texas, United State.Other regional headquarters and R&D centers are located around East Asia, Southeast Asia, Europe, and ...
the majority of infections due to this exploit kit were done in a series of high volume spam runs. The kit incorporates tracking mechanisms so that people maintaining the kit know considerable information about the victims arriving at the kit's
landing page In online marketing, a landing page, sometimes known as a "lead capture page", "single property page", "static page", "squeeze page" or a "destination page", is a single web page that appears in response to clicking on a search engine optimized s ...
. The information tracked includes the victim's country,
operating system An operating system (OS) is system software that manages computer hardware, software resources, and provides common services for computer programs. Time-sharing operating systems schedule tasks for efficient use of the system and may also i ...
, browser and which piece of software on the victim's computer was exploited. These details are shown in the kit's user interface.


History

Blackhole exploit kit was released on "Malwox", an underground Russian hacking forum. It made its first appearance in 2010. The supposedly Russian creators use the names "HodLuM" and "Paunch". It was reported on October 7, 2013 that "Paunch" had been arrested. Dmitry "Paunch" Fedotov was sentenced to seven years in a Russian penal colony on April 12, 2016.


Function

# The customer licenses the Blackhole exploit kit from the authors and specifies various options to customize the kit. # A potential victim loads a compromised web page or opens a malicious link in a spammed email. # The compromised web page or malicious link in the spammed email sends the user to a Blackhole exploit kit server's landing page. # This landing page contains obfuscated
JavaScript JavaScript (), often abbreviated as JS, is a programming language that is one of the core technologies of the World Wide Web, alongside HTML and CSS. As of 2022, 98% of websites use JavaScript on the client side for webpage behavior, of ...
that determines what is on the victim's computers and loads all exploits to which this computer is vulnerable and sometimes a
Java Java (; id, Jawa, ; jv, ꦗꦮ; su, ) is one of the Greater Sunda Islands in Indonesia. It is bordered by the Indian Ocean to the south and the Java Sea to the north. With a population of 151.6 million people, Java is the world's mos ...
applet In computing, an applet is any small application that performs one specific task that runs within the scope of a dedicated widget engine or a larger program, often as a plug-in. The term is frequently used to refer to a Java applet, a program ...
tag that loads a Java Trojan horse. # If there is an exploit that is usable, the exploit loads and executes a payload on the victim's computer and informs the Blackhole exploit kit server which exploit was used to load the payload.


Defenses

A typical defensive posture against this and other advanced malware includes, at a minimum, each of the following: * Ensuring that the browser, browser's plugins, and operating system are up to date. The Blackhole exploit kit targets vulnerabilities in old versions of browsers such as
Firefox Mozilla Firefox, or simply Firefox, is a free and open-source web browser developed by the Mozilla Foundation and its subsidiary, the Mozilla Corporation. It uses the Gecko rendering engine to display web pages, which implements current ...
, Google Chrome,
Internet Explorer Internet Explorer (formerly Microsoft Internet Explorer and Windows Internet Explorer, commonly abbreviated IE or MSIE) is a series of graphical web browsers developed by Microsoft which was used in the Windows line of operating systems ( ...
and Safari as well as many popular plugins such as
Adobe Flash Adobe Flash (formerly Macromedia Flash and FutureSplash) is a multimedia software platform used for production of animations, rich web applications, desktop applications, mobile apps, mobile games, and embedded web browser video players. Fla ...
, Adobe Acrobat and
Java Java (; id, Jawa, ; jv, ꦗꦮ; su, ) is one of the Greater Sunda Islands in Indonesia. It is bordered by the Indian Ocean to the south and the Java Sea to the north. With a population of 151.6 million people, Java is the world's mos ...
. * Running a security utility with a good antivirus ''and'' good host-based intrusion prevention system (HIPS). Due to the
polymorphic code In computing, polymorphic code is code that uses a polymorphic engine to mutate while keeping the original algorithm intact - that is, the ''code'' changes itself every time it runs, but the ''function'' of the code (its semantics) will not chang ...
used in generating variants of the Blackhole exploit kit, antivirus signatures will lag behind the automated generation of new variants of the Blackhole exploit kit, while changing the algorithm used to load malware onto victims' computers takes more effort from the developers of this exploit kit. A good HIPS will defend against new variants of the Blackhole exploit kit that use previously known algorithms.


See also

*
Backdoor (computing) A backdoor is a typically covert method of bypassing normal authentication or encryption in a computer, product, embedded device (e.g. a home router), or its embodiment (e.g. part of a cryptosystem, algorithm, chipset, or even a "homunculus co ...
*
Botnet A botnet is a group of Internet-connected devices, each of which runs one or more bots. Botnets can be used to perform Distributed Denial-of-Service (DDoS) attacks, steal data, send spam, and allow the attacker to access the device and its conn ...
* Computer virus *
Exploit Exploit means to take advantage of something (a person, situation, etc.) for one's own end, especially unethically or unjustifiably. Exploit can mean: *Exploitation of natural resources *Exploit (computer security) * Video game exploit *Exploitat ...
* HackTool.Win32.HackAV * MPack (software) *
Spyware Spyware (a portmanteau for spying software) is software with malicious behaviour that aims to gather information about a person or organization and send it to another entity in a way that harms the user—for example, by violating their priva ...
*
Trojan horse (computing) In computing, a Trojan horse is any malware that misleads users of its true intent. The term is derived from the Ancient Greek story of the deceptive Trojan Horse that led to the fall of the city of Troy. Trojans generally spread by some fo ...
* DarkComet – (Trojan / RAT)


References

Trojan horses Malware toolkits {{Malware-stub