Content deleted Content added
m fixed Java linkage |
Citation bot (talk | contribs) Added date. | Use this bot. Report bugs. | Suggested by Abductive | Category:Articles needing cleanup from May 2025 | #UCB_Category 383/402 |
||
| (34 intermediate revisions by 29 users not shown) | |||
Line 1:
{{Short description|Malware toolkit}}
{{about|the exploit kit|other uses|black hole (disambiguation)}}
The '''Blackhole exploit kit''' is{{When|date=March 2013}} the most prevalent [[web threat]], where 28% of all web threats detected by [[Sophos]] and 91% by [[AVG (software)|AVG]] are due to this exploit kit.<ref name="Howard4.1">{{cite web |url=http://nakedsecurity.sophos.com/exploring-the-blackhole-exploit-kit-14/ |title=Exploring the Blackhole exploit kit: 4.1 Distribution of web threats|last1=Howard |first1=Fraser |date=March 29, 2012 |work=Naked Security |publisher=[[Sophos]] |accessdate=April 26, 2012}}</ref> Its purpose is to deliver a malicious payload to a victim's computer.<ref name="Howard2.3.4">{{cite web |url=http://nakedsecurity.sophos.com/exploring-the-blackhole-exploit-kit-14/ |title=Exploring the Blackhole exploit kit: 2.3.4 Payload |last1=Howard |first1=Fraser |date=March 29, 2012 |work= Naked Security |publisher=[[Sophos]] |accessdate=April 26, 2012}}</ref> According to [[Trend Micro]] the majority of infections due to this exploit kit were done in a series of high volume spam runs.<ref name="Oliver-at-al">{{cite web |url=http://www.trendmicro.com/cloud-content/us/pdfs/security-intelligence/white-papers/wp_blackhole-exploit-kit.pdf |title=Blackhole Exploit Kit: A Spam Campaign, Not a Series of Individual Spam Runs |date=July 2012 |publisher=[[Trend Micro]] |accessdate=October 15, 2013}}</ref> The kit incorporates tracking mechanisms so that people maintaining the kit know considerable information about the victims arriving at the kits [[landing page]]. The information tracked includes the victims country, operating system, browser and which piece of software on the victims computer was exploited. These details are shown in the kit's user interface.<ref name="Jones-BlackHat">{{cite web |url=http://media.blackhat.com/bh-us-12/Briefings/Jones/BH_US_12_Jones_State_Web_Exploits_Slides.pdf |title=The State of Web Exploit Kits |date=August 2012 |publisher=Black Hat |accessdate=October 15, 2013}}</ref>▼
▲The '''Blackhole exploit kit'''
The supposedly Russian creators use the names "HodLuM" and "Paunch". It was reported on the October 7, 2013 that "Paunch" has been arrested.<ref name="SecurityWeek4.3">{{cite web |url=http://www.securityweek.com/blackhole-exploit-kit-author-paunch-arrested-reports |title=Blackhole Exploit Kit Author "Paunch" Arrested |date=October 8, 2013 |publisher=Security Week |accessdate=October 15, 2013}}</ref>▼
==History==
Blackhole exploit kit was released on "Malwox", an underground Russian hacking forum. It made its first appearance in 2010.<ref>{{Cite web|url=https://krebsonsecurity.com/2013/12/meet-paunch-the-accused-author-of-the-blackhole-exploit-kit/|title=Meet Paunch: The Accused Author of the BlackHole Exploit Kit — Krebs on Security|website=krebsonsecurity.com|date=6 December 2013 |language=en-US|access-date=2018-03-30}}</ref>
▲The supposedly Russian creators use the names "HodLuM" and "Paunch". It was reported on
Dmitry "Paunch" Fedotov was sentenced to seven years in a Russian penal colony on April 12, 2016.<ref>{{Cite web| url=http://krebsonsecurity.com/2016/04/blackhole-exploit-kit-author-gets-8-years/ | first=Brian | last=Krebs | author-link= Brian Krebs | title='Blackhole' Exploit Kit Author Gets 7 Years | publisher=Krebs on Security | date=April 14, 2016 | accessdate=April 20, 2016}}</ref>
==Function==
# The customer licenses the Blackhole exploit kit from the authors and specifies various options to customize the kit.
# A potential victim loads a compromised web page or opens a malicious link in a spammed email.
Line 11 ⟶ 18:
# If there is an exploit that is usable, the exploit loads and executes a payload on the victim's computer and informs the Blackhole exploit kit server which exploit was used to load the payload.
== Defenses
{{
A typical defensive posture against this and other advanced malware includes, at a minimum, each of the following:
* Ensuring that the browser, browser's plugins, and operating system are up to date. The Blackhole exploit kit targets vulnerabilities in old versions of browsers such as [[Firefox]], [[Google Chrome]], [[Internet Explorer]] and [[Safari (web browser)|Safari]] as well as many popular plugins
* Running a security utility with a good antivirus ''and'' good [[Intrusion prevention system|host-based intrusion prevention system]] (HIPS). Due to the [[polymorphic code]] used in generating variants of the Blackhole exploit kit, antivirus signatures will lag behind the automated generation of new variants of the Blackhole exploit kit, while changing the algorithm used to load malware onto victims' computers takes more effort from the developers of this exploit kit. A good HIPS will defend against new variants of the Blackhole exploit kit that use previously known algorithms.
==See also==
* [[Backdoor (computing)]]
* [[Botnet]]
* [[Computer virus]]
* [[Exploit (computer security)|Exploit]]
* [[HackTool.Win32.HackAV]]
* [[MPack (software)]]
* [[Spyware]]
* [[Trojan horse (computing)]]
* [[DarkComet]] – (Trojan / RAT)
== References ==
{{reflist}}
[[Category:Trojan horses]]
[[Category:Malware toolkits]]
| |||