Jeremy Scott | September 13, 2012
The author of the popular Blackhole Exploit Kit, “Paunch”, announced the release of a new version on pastebin.com yesterday.
While the pricing model appears to have remained the same as the previous version, several new features have been added to this latest version, including support for Windows® 8 and mobile devices. Blackhole's success has always been related to the author’s constant maintenance and improvement of the exploit kit.
The latest version promises to provide additional improvements such as:
- Only loading exploits when client browser plugins are considered vulnerable
- Dropping the use of the PluginDetect library to improve performance
- Removing all the old exploits that are not as effective
The author also describes several overhauls to the admin panel to enhance performance and statistical tracking. Additionally, the admin panel will now include a captcha to prevent automated brute-forcing of its login.
Not all of the improvements were made for the sake of performance and clean-up, though. The author included several new features intended to keep researchers and anti-virus companies from doing their research. The new version will change the predictable URL structure that was used in previous versions. Instead, the URLs will be dynamically generated and last only a few seconds, making automated downloading difficult. Along with dynamic URLs, the author is attempting to prevent direct and multiple downloads of the executable payloads, as well as attempts coming from The Onion Router (TOR) network.
While the author has made significant improvements and feature enhancements in the new version, the methods of luring victims to the landing page remain the same. The victim will be lured either through mass-distributed malicious email containing hyperlinks to a compromised website or through unsafe Internet browsing practices.
The new exploit kit has not been observed in use at the time of this post, but we should anticipate that it will show up soon. Ultimately, we expect Blackhole Exploit Kit 2.0 to be faster, better, and more current. Unfortunately, the targets will see about the same thing they see now.