CyberEye

Blackhole exploit site turns the tables on spammers

There is an old saying that you can’t kid a kidder. But apparently you can spam a spammer.

Researchers at Symantec came across a website apparently advertising the latest version of the popular Blackhole exploit kit. But upon closer examination it appears to be merely a front for a site advertising services for hackers.

If you want Blackhole 2.0 you will have to go somewhere else.




“This method is not new,” Symantec security response manager Lionel Payet wrote in a blog posting. “Spammers often use names of famous people and products or the latest news events to try to lure users into reading their spam e-mails. However, it is quite unusual to see a popular exploit kit name used in this manner,” he wrote.

Exploit kits are a product of the commercialization of hacking as it has become dominated by organized crime. Increasingly professional services are being offered to those who want to carry out attacks without having a lot of technical expertise. The kits bundle packages of exploits for known vulnerabilities and can be licensed to deliver malware to victims on behalf of the licensee.

Blackhole can be licensed and customized at reasonable prices, starting at about $50. The customer places it on a server, and victim traffic can be delivered to the malicious server through a variety of methods, such as a legitimate webpage that has been compromised or a link in a spam or phishing e-mail, the latter being the most common type of malware campaign used against government users. Once a victim connects, the computer is scanned for vulnerabilities, the appropriate exploits are uploaded, and another ’bot joins the ’net.

Version 2.0 of Blackhole was released earlier this month and, according to Threatpost, it contains extensive new features. It has cleaned up its contents to remove older exploits for vulnerabilities that are well-known and patched, added support for Windows 8 and mobile devices, and included a random domain generator to allow attacks to be delivered from random, short-lived URLs that can be harder to spot and block.

The phony Blackhole 2.0 site is a counterfeit rehash of an old Blackhole page, according to Payet, offering services for registering domain names, hosting servers and encryption. “Altogether these services could offer cybercriminals a complete infrastructure to be used for hosting cybercrime operations,” he wrote.

But not Blackhole. If you visited the page and feel ripped off, there’s another old saying: What goes around, comes around.

 

Posted by William Jackson on Sep 21, 2012 at 9:39 AM

