Fandom

Virus Information

Blackhole exploit kit

245pages on
this wiki
Add New Page
Talk0 Share

Template:One source The Blackhole exploit kit is currentlyTemplate:When the most prevalent web threat, where 28% of all web threats detected by Sophos and 91% by AVG are due to this exploit kit.[1] Its purpose is to deliver a malicious payload to a victim's computer.[2] The supposedly Russian creators use the names "HodLuM" and "Paunch".

Basic summary of how Blackhole works Edit

  1. The customer licenses the Blackhole exploit kit from the authors and specifies various options to customize the kit.
  2. A potential victim loads a compromised web page or opens a malicious link in a spammed email.
  3. The compromised web page or malicious link in the spammed email sends the user to a Blackhole exploit kit server's landing page.
  4. This landing page contains obfuscated JavaScript that determines what is on the victim's computers and loads all exploits to which this computer is vulnerable and sometimes a Java applet tag that loads a Java Trojan horse.
  5. If there is an exploit that is usable, the exploit loads and executes a payload on the victim's computer and informs the Blackhole exploit kit server which exploit was used to load the payload.

Defenses against the Blackhole exploit kit Edit

A typical defensive posture against this and other advanced malware includes, at a minimum, each of the following:

  • Ensuring that the browser, browser's plugins, and operating system are up to date. The Blackhole exploit kit targets vulnerabilities in old versions of browsers such as Firefox, Google Chrome, Internet Explorer and Safari as well as many popular plugins like Adobe Flash, Adobe Acrobat and Java.
  • Running a security utility with a good antivirus and good host-based intrusion prevention system (HIPS). Due to the polymorphic code used in generating variants of the Blackhole exploit kit, antivirus signatures will lag behind the automated generation of new variants of the Blackhole exploit kit, while changing the algorithm used to load malware onto victims' computers takes more effort from the developers of this exploit kit. A good HIPS will defend against new variants of the Blackhole exploit kit that use previously known algorithms.

First Release on the Internet Edit

Blackhole exploit kit was released on "Malwox", an underground Russian hacking forum.

References Edit

  1. Template:Cite web
  2. Template:Cite web

Template:Malware-stub

Ad blocker interference detected!


Wikia is a free-to-use site that makes money from advertising. We have a modified experience for viewers using ad blockers

Wikia is not accessible if you’ve made further modifications. Remove the custom ad blocker rule(s) and the page will load as expected.