Blackhole exploit kit: Difference between revisions

Atmega644 (talk | contribs)
No edit summary
FrescoBot (talk | contribs)
m Bot: link syntax and minor changes
Line 1:
{{one source|date=July 2012}}
The '''Blackhole exploit kit''' is as of 2012 the most prevalent [[web threat]], where 28% of all web threats detected by [[Sophos]] and 91% by [[AVG (software)|AVG]] are due to this [[Exploit_(computer_security)|exploit]] kit.<ref name="Howard4.1">{{cite web |url=http://nakedsecurity.sophos.com/exploring-the-blackhole-exploit-kit-14/ |title=Exploring the Blackhole exploit kit: 4.1 Distribution of web threats|last1=Howard |first1=Fraser |date=March 29, 2012 |work=Naked Security |publisher=[[Sophos]] |accessdate=April 26, 2012}}</ref> Its purpose is to deliver a [[Malware|malicious]] [[Payload_(computing)|payload]] to a victim's computer.<ref name="Howard2.3.4">{{cite web |url=http://nakedsecurity.sophos.com/exploring-the-blackhole-exploit-kit-14/ |title=Exploring the Blackhole exploit kit: 2.3.4 Payload |last1=Howard |first1=Fraser |date=March 29, 2012 |work= Naked Security |publisher=[[Sophos]] |accessdate=April 26, 2012}}</ref> According to [[Trend Micro]] the majority of infections due to this exploit kit were done in a series of high volume [[Spamming|spam]] runs.<ref name="Oliver-at-al">{{cite web |url=http://www.trendmicro.com/cloud-content/us/pdfs/security-intelligence/white-papers/wp_blackhole-exploit-kit.pdf |title=Blackhole Exploit Kit: A Spam Campaign, Not a Series of Individual Spam Runs |date=July 2012 |publisher=[[Trend Micro]] |accessdate=October 15, 2013}}</ref> The kit incorporates tracking mechanisms so that people maintaining the kit know considerable information about the victims arriving at the kits [[landing page]]. The information tracked includes the victims country, [[Operating_system|operating system]], browser and which piece of software on the victims computer was exploited. 
These details are shown in the kit's user interface.<ref name="Jones-BlackHat">{{cite web |url=http://media.blackhat.com/bh-us-12/Briefings/Jones/BH_US_12_Jones_State_Web_Exploits_Slides.pdf |title=The State of Web Exploit Kits |date=August 2012 |publisher=Black Hat |accessdate=October 15, 2013}}</ref>
 
==History==
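Review bot: the two tracking sentences at the end of the lead paragraph drop their possessive apostrophes: "the kits [[landing page]]", "the victims country" and "the victims computer" should read "kit's" and "victim's". In the same paragraph the piped links [[Exploit_(computer_security)|exploit]], [[Payload_(computing)|payload]] and [[Operating_system|operating system]] still carry underscores in the link target, which a link-syntax pass would normally turn into spaces. The {{one source|date=July 2012}} tag also looks stale, since the visible lead cites Sophos, Trend Micro and Black Hat; and the 91% AVG figure is supported only by the Sophos reference Howard4.1, so it is worth confirming that source actually reports it or citing AVG directly.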
Line 14:
# If there is an exploit that is usable, the exploit loads and executes a payload on the victim's computer and informs the Blackhole exploit kit server which exploit was used to load the payload.
 
== Defenses ==
A typical defensive posture against this and other advanced malware includes, at a minimum, each of the following:
* Ensuring that the browser, browser's plugins, and operating system are up to date. The Blackhole exploit kit targets vulnerabilities in old versions of browsers such as [[Firefox]], [[Google Chrome]], [[Internet Explorer]] and [[Safari (web browser)|Safari]] as well as many popular plugins like [[Adobe Flash]], [[Adobe Acrobat]] and [[Java (programming language)|Java]].
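Review bot: the Defenses bullet names specific targets (Firefox, Google Chrome, Internet Explorer, Safari, Adobe Flash, Adobe Acrobat, Java) without any <ref> in the visible lines, unlike the lead, which cites every claim. Please attach a source for the list of targeted browsers and plugins, and consider doing the same for the phrase "this and other advanced malware" in the intro sentence, which reads as an unsourced characterization. Minor wording: "browser's plugins" would read better as "browser plugins".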