This is the biggest threat on the internet at the moment and infection rates are still rising.
The Blackhole exploit kit is currently the most prevalent web threat: 28% of all web threats detected by Sophos and 91% of those detected by AVG are attributed to this exploit kit.
Its purpose is to deliver a malicious payload to a victim’s computer.
The creators of the kit are suspected to be the infamous Russian hackers “HodLuM” and “Paunch”.
Basic summary of how Blackhole works
- The customer licenses the Blackhole exploit kit from the authors and specifies various options to customize the kit.
- A potential victim loads a compromised web page or opens a malicious link in a spammed email.
- The compromised web page or malicious link in the spammed email sends the user to a Blackhole exploit kit server’s landing page.
- If there is an exploit that is usable, the exploit loads and executes a payload on the victim’s computer and informs the Blackhole exploit kit server which exploit was used to load the payload.
Spam email example claiming to be a transaction report
Spam email example claiming to be from a social networking site
The most frequently observed subject lines in these attacks were:
- [REMOVED] Urgent Notification
- [REMOVED] Funding Notification
- [REMOVED] Complaint activity report
- Corporate [REMOVED] message – [REMOVED] pages
- Verify your account
- List of all Employer contributions scheduled on [REMOVED]
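A mail-triage check built from the subject lines above, as an added example that is not part of the original page: it decodes each message's Subject header (including RFC 2047 encoded words), normalizes it, and reports which listed template it matches. It assumes "[REMOVED]" marks a redacted variable field and treats it as a wildcard; the sample messages are constructed.

```python
import re
import unicodedata
from email import message_from_string, policy

# Subject templates as listed on the page. "[REMOVED]" is assumed to be a
# redacted variable field, so it is matched as a non-empty wildcard.
TEMPLATES = [
    "[REMOVED] Urgent Notification",
    "[REMOVED] Funding Notification",
    "[REMOVED] Complaint activity report",
    "Corporate [REMOVED] message – [REMOVED] pages",
    "Verify your account",
    "List of all Employer contributions scheduled on [REMOVED]",
]
REPLY_PREFIX = re.compile(r"^\s*(?:(?:re|fw|fwd)\s*:\s*)+", re.I)
DASHES = re.compile("[\u2010-\u2015\u2212]")

def normalize(text):
    """Unify Unicode forms and dashes, drop Re:/Fwd:, collapse spaces, casefold."""
    text = DASHES.sub("-", unicodedata.normalize("NFKC", text))
    text = REPLY_PREFIX.sub("", text)
    return " ".join(text.split()).casefold()

def compile_template(template):
    """Turn one template into an anchored regex; literal parts are escaped."""
    parts = [re.escape(p) for p in normalize(template).split("[removed]")]
    return re.compile("^" + r"\S.*?".join(parts) + "$")

COMPILED = [(t, compile_template(t)) for t in TEMPLATES]

def match_subject(raw_message):
    """Return the template matched by the message's Subject header, or None."""
    msg = message_from_string(raw_message, policy=policy.default)
    subject = normalize(str(msg["Subject"] or ""))
    for template, pattern in COMPILED:
        if pattern.match(subject):
            return template
    return None

# Constructed sample messages (not real captures).
SAMPLES = [
    "From: a@example.test\nSubject: Re: Example Bank Urgent Notification\n\nhi",
    "From: b@example.test\nSubject: =?UTF-8?Q?Corporate_Example_message_=E2=80=93_4_pages?=\n\nhi",
    "From: c@example.test\nSubject: VERIFY  your   account\n\nhi",
    "From: d@example.test\nSubject: Lunch on Friday?\n\nhi",
]

if __name__ == "__main__":
    print([match_subject(raw) for raw in SAMPLES])
```

Templates this generic also match legitimate mail, so a hit is a signal to inspect the message's links rather than a verdict on its own.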