By Patrick Marshall

Blog archive

Blackhole exploit site turns the tables on spammers

There is an old saying that you can’t kid a kidder. But apparently you can spam a spammer.

Researchers at Symantec came across a website apparently advertising the latest version of the popular Blackhole exploit kit. But upon closer examination it appears to be merely a front for a site advertising services for hackers.

If you want Blackhole 2.0 you will have to go somewhere else.


If software patches are important, why do so many ignore them?

“This method is not new,” Symantec security response manager Lionel Payet wrote in a blog posting. "Spammers often use names of famous people and products or the latest news events to try to lure users into reading their spam e-mails. However, it is quite unusual to see a popular exploit kit name used in this manner,” he wrote.

Exploit kits are a product of the commercialization of hacking as it has become dominated by organized crime. Increasingly professional services are being offered to those who want to carry out attacks without having a lot of technical expertise. The kits bundle packages of exploits for known vulnerabilities and can be licensed to deliver malware to victims on behalf of the licensee.

Blackhole can be licensed and customized at reasonable prices, starting at about $50. The customer places it on a server, and victim traffic can be delivered to the malicious server through a variety of methods, such as a legitimate webpage that has been compromised or a link in a spam or phishing e-mail, the latter being the most common type of malware campaign used against government users. Once a victim connects, the computer is scanned for vulnerabilities, the appropriate exploits are uploaded, and another ’bot joins the ’net.

Version 2.0 of Blackhole was released earlier this month and, according to Threatpost, it contains extensive new features. It has cleaned up its contents to remove older exploits for vulnerabilities that are well-known and patched, added support for Windows 8 and mobile devices, and included a random domain generator to allow attacks to be delivered from random, short-lived URLs that can be harder to spot and block.

The phony Blackhole 2.0 site is a counterfeit rehash of an old Blackhole page, according to Payet, offering services for registering domain names, hosting servers and encryption. “Altogether these services could offer cybercriminals a complete infrastructure to be used for hosting cybercrime operations,” he wrote.

But not Blackhole. If you visited the page and feel ripped off, there’s another old saying: What goes around, comes around.


Posted by William Jackson on Sep 21, 2012 at 9:39 AM


  • Defense
    Soldiers from the Old Guard test the second iteration of the Integrated Visual Augmentation System (IVAS) capability set during an exercise at Fort Belvoir, VA in Fall 2019. Photo by Courtney Bacon

    IVAS and the future of defense acquisition

    The Army’s Integrated Visual Augmentation System has been in the works for years, but the potentially multibillion deal could mark a paradigm shift in how the Defense Department buys and leverages technology.

  • Cybersecurity
    Deputy Secretary of Homeland Security Alejandro Mayorkas  (U.S. Coast Guard photo by Petty Officer 3rd Class Lora Ratliff)

    Mayorkas announces cyber 'sprints' on ransomware, ICS, workforce

    The Homeland Security secretary announced a series of focused efforts to address issues around ransomware, critical infrastructure and the agency's workforce that will all be launched in the coming weeks.

Stay Connected