Blackhole exploit kit: Difference between revisions

Browse history interactively

← Previous edit

Content deleted Content added

VisualWikitext

Revision as of 16:03, 30 March 2018 edit Madcatter24 (talk \| contribs) 2 edits Added a citation ← Previous edit		Latest revision as of 04:55, 5 June 2025 edit undo Citation bot (talk \| contribs) Bots 5,873,327 edits Added date. \| Use this bot. Report bugs. \| Suggested by Abductive \| Category:Articles needing cleanup from May 2025 \| #UCB_Category 383/402
(11 intermediate revisions by 10 users not shown)
Line 1: {{Short description\|Malware toolkit}} {{about\|the exploit kit\|other uses\|black hole (disambiguation)}} The '''Blackhole exploit kit''' iswas, as of 2012, the most prevalent [[web threat]], where 29% of all web threats detected by [[Sophos]] and 91% by [[AVG (software)\|AVG]] are due to this [[exploit kit]].<ref name="Howard4.1">{{cite web \|url=http://nakedsecurity.sophos.com/exploring-the-blackhole-exploit-kit-14/ \|title=Exploring the Blackhole exploit kit: 4.1 Distribution of web threats\|last1=Howard \|first1=Fraser \|date=March 29, 2012 \|work=Naked Security \|publisher=[[Sophos]] \|accessdate=April 26, 2012}}</ref> Its purpose is to deliver a [[Malware\|malicious]] [[Payload (computing)\|payload]] to a victim's computer.<ref name="Howard2.3.4">{{cite web \|url=http://nakedsecurity.sophos.com/exploring-the-blackhole-exploit-kit-14/ \|title=Exploring the Blackhole exploit kit: 2.3.4 Payload \|last1=Howard \|first1=Fraser \|date=March 29, 2012 \|work= Naked Security \|publisher=[[Sophos]] \|accessdate=April 26, 2012}}</ref> According to [[Trend Micro]] the majority of infections due to this exploit kit were done in a series of high volume [[Spamming\|spam]] runs.<ref name="Oliver-at-al">{{cite web \|url=http://www.trendmicro.com/cloud-content/us/pdfs/security-intelligence/white-papers/wp_blackhole-exploit-kit.pdf \|title=Blackhole Exploit Kit: A Spam Campaign, Not a Series of Individual Spam Runs \|date=July 2012 \|publisher=[[Trend Micro]] \|accessdate=October 15, 2013}}</ref> The kit incorporates tracking mechanisms so that people maintaining the kit know considerable information about the victims arriving at the kit's [[landing page]]. The information tracked includes the victim's country, [[operating system]], browser and which piece of software on the victim's computer was exploited. These details are shown in the kit's user interface.<ref name="Jones-BlackHat">{{cite web \|url=http://media.blackhat.com/bh-us-12/Briefings/Jones/BH_US_12_Jones_State_Web_Exploits_Slides.pdf \|title=The State of Web Exploit Kits \|date=August 2012 \|publisher=[[Black Hat Briefings]] \|accessdate=October 15, 2013}}</ref> ==History== Blackhole exploit kit was released on "Malwox", an underground Russian hacking forum. It made its first appearance in 2010.<ref ~~name="Wiki"~~>{{~~cite~~Cite web \| url=~~http~~https://~~virus.wikia~~krebsonsecurity.com/~~wiki~~2013/12/meet-paunch-the-accused-author-of-the-blackhole-exploit-kit/~~Blackhole_exploit_kit~~ \| title=Meet ~~Blackhole~~Paunch: ~~exploit~~The ~~kit~~Accused \|Author ~~publisher=Fandom~~of the BlackHole Exploit Kit — Krebs on ~~Wikia~~Security\|~~accessdate~~website=~~March~~krebsonsecurity.com\|date=6 ~~30,~~December 2013 \|language=en-US\|access-date=2018-03-30}}</ref> The supposedly Russian creators use the names "HodLuM" and "Paunch". It was reported on October 7, 2013 that "Paunch" had been arrested.<ref name="SecurityWeek4.3">{{cite web \|url=http://www.securityweek.com/blackhole-exploit-kit-author-paunch-arrested-reports \|title=Blackhole Exploit Kit Author "Paunch" Arrested \|date=October 8, 2013 \|publisher=Security Week \|accessdate=October 15, 2013}}</ref> Line 18 ⟶ 19: == Defenses == {{How-to\|section\|date=May 2025}} A typical defensive posture against this and other advanced malware includes, at a minimum, each of the following: Line 32 ⟶ 35: * [[Spyware]] * [[Trojan horse (computing)]] * [[DarkComet]] – (Trojan / RAT) == References ==