Blackhole exploit kit: Back with a bang; proving to be a threat again

Blackhole, an exploit kit used to run drive-by download attacks, has resurfaced two years after its author's arrest, according to Malwarebytes.

The security firm has found that criminals rebuilt the kit from its leaked source code and are using it in active drive-by download campaigns served from compromised websites.

“We noticed Java and PDF exploits collected by our honeypot which we haven’t seen in ages. Looking closer at the structure of this attack, we were surprised when we realized this was the infamous Blackhole,” the Malwarebytes researchers wrote in a blog post.

According to the researchers, the new drive-by download attacks follow the same structure as the original Blackhole, even reusing its old PDF and Java exploits.

“The only difference is the malware payload being dropped, which is current and had very low detection on VirusTotal,” they said.

The server hosting the exploit infrastructure happened to be fully browsable (thanks @MeJz024 for the tip), and its folder structure shows beyond doubt that it was taken straight from the leaked Blackhole source code.

The researchers note that although the exploits are old, there are probably still unpatched machines out there that could be compromised.

They also believe the operator of this Blackhole edition was working on new landing pages, so further changes are possible.

“We are not quite sure why this old exploit kit is being used in live attacks considering the infection rate would be quite low due to the aging exploits,” they added.

Their best guess is that, with the source code public, the kit is a free platform that can be built upon and updated.
