By Patrick Marshall


Blackhole exploit site turns the tables on spammers

There is an old saying that you can’t kid a kidder. But apparently you can spam a spammer.

Researchers at Symantec came across a website apparently advertising the latest version of the popular Blackhole exploit kit. But upon closer examination it appears to be merely a front for a site advertising services for hackers.

If you want Blackhole 2.0 you will have to go somewhere else.


“This method is not new,” Symantec security response manager Lionel Payet wrote in a blog posting. “Spammers often use names of famous people and products or the latest news events to try to lure users into reading their spam e-mails. However, it is quite unusual to see a popular exploit kit name used in this manner,” he wrote.

Exploit kits are a product of the commercialization of hacking as it has become dominated by organized crime. Increasingly professional services are being offered to those who want to carry out attacks without having a lot of technical expertise. The kits bundle packages of exploits for known vulnerabilities and can be licensed to deliver malware to victims on behalf of the licensee.

Blackhole can be licensed and customized at reasonable prices, starting at about $50. The customer places it on a server, and victim traffic can be delivered to the malicious server through a variety of methods, such as a legitimate webpage that has been compromised or a link in a spam or phishing e-mail, the latter being the most common type of malware campaign used against government users. Once a victim connects, the computer is scanned for vulnerabilities, the appropriate exploits are uploaded, and another ’bot joins the ’net.

Version 2.0 of Blackhole was released earlier this month and, according to Threatpost, it contains extensive new features. It has cleaned up its contents to remove older exploits for vulnerabilities that are well-known and patched, added support for Windows 8 and mobile devices, and included a random domain generator to allow attacks to be delivered from random, short-lived URLs that can be harder to spot and block.

The phony Blackhole 2.0 site is a counterfeit rehash of an old Blackhole page, according to Payet, offering services for registering domain names, hosting servers and encryption. “Altogether these services could offer cybercriminals a complete infrastructure to be used for hosting cybercrime operations,” he wrote.

But not Blackhole. If you visited the page and feel ripped off, there’s another old saying: What goes around, comes around.


Posted by William Jackson on Sep 21, 2012 at 9:39 AM

