Exploring the Blackhole exploit kit

A technical paper by Fraser Howard, SophosLabs, UK

Table of contents

← Prev | Next →

4 Tracking Blackhole

In the final section of this paper, analysis of data gathered whilst tracking Blackhole is presented. Data from the past 6 months was used (Oct 2011 to Mar 2012), except where indicated otherwise.

4.1 Distribution of web threats

It is interesting to compare the threat posed by Blackhole in comparison with other web threats. As you can see from Figure 14, Blackhole features prominently in the threat statistics.

Figure 14: Breakdown of detected web threats by type (Oct 2011-Mar 2012)

Figure 14: Breakdown of detected web threats by type (Oct 2011-Mar 2012).

Redirects from legitimate sites compromise the bulk of threats detected (unsurprisingly), but as you can see, just over a third of these are redirects specifically to Blackhole. Amongst the exploit sites seen, approximately half of them are Blackhole, confirming that this kit remains dominant in the market.

Table of contents

← Prev | Next →