The Blackhole exploit kit first reared its head in late 2010. Since then it’s grown to be one of the most notorious exploit kits ever seen.
In this technical paper, “Exploring the Blackhole Exploit Kit”, SophosLabs’ Fraser Howard lifts the lid on Blackhole.
He describes in detail how it works and the various files used to exploit machines and infect them with malware.
Fraser discusses how the kit has become so successful by uncovering and explaining the tricks used by Blackhole.
From how a user’s web traffic is controlled to how the attackers attempt to evade detection, the paper offers a great insight into how Blackhole works.
Read: Exploring the Blackhole exploit kit
Excellent write-up. I'd be interested to know how users pay for the exploit kit. I would think they could follow the money to find its creators/operators. Do they only accept bitcoins or Liberty Reserve or something similar?
Nice analysis of the tool. I would like to ask a question: in most of the security blogs, discussion is going on that the Blackhole tool is being used to exploit the vulnerability mentioned in CVE-2012-0507. Is that correct?
Reference: http://krebsonsecurity.com/tag/cve-2012-0507/
This was very helpful for a quick primer on BH. Thanks for making this available.