Content deleted Content added
adding reference to tracking and user interface
Unlinked: Black Hat
Line 1:
{{one source|date=July 2012}}
The '''Blackhole exploit kit''' is currently{{When|date=March 2013}} the most prevalent [[web threat]], where 28% of all web threats detected by [[Sophos]] and 91% by [[AVG (software)|AVG]] are due to this exploit kit.<ref name="Howard4.1">{{cite web |url=http://nakedsecurity.sophos.com/exploring-the-blackhole-exploit-kit-14/ |title=Exploring the Blackhole exploit kit: 4.1 Distribution of web threats|last1=Howard |first1=Fraser |date=March 29, 2012 |work=Naked Security |publisher=[[Sophos]] |accessdate=April 26, 2012}}</ref> Its purpose is to deliver a malicious payload to a victim's computer.<ref name="Howard2.3.4">{{cite web |url=http://nakedsecurity.sophos.com/exploring-the-blackhole-exploit-kit-14/ |title=Exploring the Blackhole exploit kit: 2.3.4 Payload |last1=Howard |first1=Fraser |date=March 29, 2012 |work= Naked Security |publisher=[[Sophos]] |accessdate=April 26, 2012}}</ref> According to [[Trend Micro]] the majority of infections due to this exploit kit, were done in a series of high volume spam runs.<ref name="Oliver-at-al">{{cite web |url=http://www.trendmicro.com/cloud-content/us/pdfs/security-intelligence/white-papers/wp_blackhole-exploit-kit.pdf |title=Blackhole Exploit Kit: A Spam Campaign, Not a Series of Individual Spam Runs |date=July, 2012 |publisher=[[Trend Micro]] |accessdate=October 15, 2013}}</ref> The kit incorporates tracking mechanisms so that people maintaining the kit know considerable information about the victims arriving at the kits [[landing page]]. The information tracked includes the victims country, operating system, browser and which piece of software on the victims computer was exploited. These details are shown in the kits user interface. <ref name="Jones-BlackHat">{{cite web |url=http://media.blackhat.com/bh-us-12/Briefings/Jones/BH_US_12_Jones_State_Web_Exploits_Slides.pdf |title=The State of Web Exploit Kits |date=August, 2012 |publisher=
The supposedly Russian creators use the names "HodLuM" and "Paunch". It was reported on the October 7, 2013 that "Paunch" has been arrested.<ref name="SecurityWeek4.3">{{cite web |url=http://www.securityweek.com/blackhole-exploit-kit-author-paunch-arrested-reports |title=Blackhole Exploit Kit Author "Paunch" Arrested |date=October 8, 2013 |publisher=Security Week |accessdate=October 15, 2013}}</ref>
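Review bot: The two added sentences on tracking, just before the Jones-BlackHat reference, drop the possessive apostrophes: "the kits landing page", "the victims country", "the victims computer" and "the kits user interface" should read "kit's" and "victim's". There is also a stray space between "user interface." and the <ref name="Jones-BlackHat"> tag, and the cite as shown stops at "publisher=", so confirm it closes with }}</ref> in the saved revision. Since the tracking claim rests on one slide deck and the article already carries {{one source}}, attribute it in the text to the August 2012 Black Hat briefing rather than stating it in Wikipedia's voice. In the surrounding text, the Trend Micro sentence has a misplaced comma after "exploit kit", and the arrest sentence reads better as "It was reported on October 7, 2013 that "Paunch" had been arrested."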