Technical paper: Journey inside the Blackhole exploit kit

Plug hole. Image from ShutterstockOne of the most common questions we receive at SophosLabs is “How are users most likely to get infected with malware?”.

As regulars readers will be aware, the answer is through the web. More specifically, computers are most likely to be infected through compromised legitimate websites redirecting user traffic to malicious websites that are hosting some exploit kit.

The most active of these exploit kits in recent times is one known as Blackhole.

Properly understanding how the Blackhole exploit kit works and why it has become the most popular of the various exploit kits available is important in order to provide the best protection to our customers.

Previous research focused on early versions of the Blackhole exploit kit, and the tricks used by the attackers in evading detection.

More recently, SophosLabs expert Gabor Szappanos has been delving deeper into the internal workings of the Blackhole exploit kit, to get a more thorough understanding of how it works.

Gabor’s technical paper, entitled “Inside a Black hole”, is now available, and I would encourage all readers to download it and learn more about the Blackhole exploit kit.

Read now: “Inside a Black Hole”

Plug hole image from Shutterstock.