This is the biggest threat on the internet at the moment, and infection rates are still rising.
The Blackhole exploit kit is currently the most prevalent web threat: 28% of all web threats detected by Sophos, and 91% of those detected by AVG, are attributed to this exploit kit. [1]
Its purpose is to deliver a malicious payload to a victim’s computer. [2]
The creators of the kit are suspected to be the infamous Russian hackers “HodLuM” and “Paunch”.
Basic summary of how Blackhole works
- The customer licenses the Blackhole exploit kit from the authors and specifies various options to customize the kit.
- A potential victim loads a compromised web page or opens a malicious link in a spammed email.
- The compromised web page or malicious link in the spammed email sends the user to a Blackhole exploit kit server’s landing page.
- This landing page contains obfuscated JavaScript that determines what software is on the victim’s computer and loads every exploit to which that computer is vulnerable, sometimes together with a Java applet tag that loads a Java Trojan horse.
- If a usable exploit exists, it runs, loads and executes a payload on the victim’s computer, and reports back to the Blackhole exploit kit server which exploit was used to deliver the payload.
Blackhole Email Trends
[Figure: spam email example claiming to be a transaction report]
[Figure: spam email example claiming to be from a social networking site]
The most frequently observed subject lines in these attacks were:
- [REMOVED] Urgent Notification
- [REMOVED] Funding Notification
- [REMOVED] Complaint activity report
- Corporate [REMOVED] message – [REMOVED] pages
- New invitation
- Verify your account
- Your Order
- List of all Employer contributions scheduled on [REMOVED]
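As an added example (not code from the original post), the script below turns the subject-line templates above into a simple mail-gateway check: each [REMOVED] placeholder is treated as a required wildcard, and the resulting patterns are run over a few constructed log lines. The function names and the sample senders are assumptions.

```python
import re
# Subject-line templates observed in Blackhole spam runs (copied from the page).
# "[REMOVED]" is a specific the source redacted; treated as a required wildcard.
BLACKHOLE_SUBJECT_TEMPLATES = [
    "[REMOVED] Urgent Notification",
    "[REMOVED] Funding Notification",
    "[REMOVED] Complaint activity report",
    "Corporate [REMOVED] message \u2013 [REMOVED] pages",
    "New invitation",
    "Verify your account",
    "Your Order",
    "List of all Employer contributions scheduled on [REMOVED]",
]
def normalise(text: str) -> str:
    # Collapse whitespace and map the en dash to '-' so real mail still matches.
    return " ".join(text.replace("\u2013", "-").split())

def template_to_regex(template: str) -> re.Pattern:
    # Literal chunks are escaped; each [REMOVED] becomes a non-greedy ".+?" that
    # must be non-empty, so a bare "Urgent Notification" does not match.
    parts = []
    for chunk in normalise(template).split("[REMOVED]"):
        parts.append(r"\s+".join(re.escape(tok) for tok in chunk.split()))
        parts.append(r".+?")
    parts.pop()  # no wildcard after the final chunk
    body = r"\s+".join(p for p in parts if p)  # empty edge chunks vanish
    return re.compile(r"^" + body + r"$", re.IGNORECASE)
COMPILED = [(t, template_to_regex(t)) for t in BLACKHOLE_SUBJECT_TEMPLATES]

def match_blackhole_subject(subject: str):
    """Return the first template the subject line matches, else None."""
    subject = normalise(subject)
    return next((t for t, rx in COMPILED if rx.match(subject)), None)

# Constructed sample of mail-gateway log lines, "<sender>\t<subject>" per line.
SAMPLE_LOG = (
    "billing@example.test\tYour Order\n"
    "hr@example.test\tList of all Employer contributions scheduled on 2012-09-14\n"
    "fax@example.test\tCorporate Fax message \u2013 2 pages\n"
    "alerts@example.test\tUrgent Notification\n"  # no redacted prefix: no hit
)

def flag_blackhole_subjects(log_text: str):
    """Return (sender, subject, template) for each log line whose subject matches."""
    hits = []
    for line in log_text.splitlines():
        sender, _, subject = line.partition("\t")
        template = match_blackhole_subject(subject)
        if template:
            hits.append((sender, subject, template))
    return hits
```

A subject match alone is a weak signal (plain "Your Order" is common legitimate mail), so treat it as one indicator to correlate with the link or attachment the message carries.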