
New Blackhole exploit kit out


Just when you thought Blackhole was the worst online threat out there, here comes Version 2.0 of the exploit kit, a security vendor said this week.
 
Sophos said the new version has "improvements" in the way the dreaded exploit kit evades detection by existing security measures.
 
"The announcement also talks about improvements made to the admin interface. This is important - the author's business is marketing this exploit kit against others on the market. As you can see, improvements include several things designed to make it harder for researchers to harvest content from the exploit sites," it said.
 
It said the kit's authors noted antivirus companies have "become very quick" to catch up and flag the old version of Blackhole as malware.
 
Sophos said the new version hints at the following features:
 
  • prevent direct download of executable payloads
  • only load exploit contents when client is considered vulnerable
  • drop use of PluginDetect library (performance justification)
  • remove some old exploits (leaving Java atomic & byte, PDF LibTIFF, MDAC)
  • change from predictable URL structure (filenames and querystring parameter names)
 
"Good to see that we are seen to not be sleeping :)," it quoted those behind the new Blackhole as saying.
 
Sophos said those behind the kit also indicated the following rates:
 
  • Day rental - $50 (limit traffic 50k hits)
  • Week rental - $200 (limit traffic 70k hits a day)
  • Month rental - $500 (limit traffic 70k hits a day)
If needed, the traffic limit can be raised for an additional fee.
 
License fees range from $700 for three months, to $1,500 for one year. — TJD, GMA News