Exploring the Blackhole exploit kit

A technical paper by Fraser Howard, SophosLabs, UK

4.3 Countries hosting Blackhole

The countries where Blackhole was being hosted were then analysed. Sites known to have hosted the exploit kit in the past 3 months were used in this analysis. At the time of this analysis, approximately 60% of the domain names failed to resolve to an IP address, and so no host country could be determined. The country distribution for the remaining 40% is illustrated in Figure 16.

Figure 16: Countries where Blackhole has been hosted during the past 3 months (excludes sites where the host country was not possible to determine).

As you can see, the bulk of host sites are supplied by hosting providers in Russia and the US. This is contrary to the picture we see when looking at the same kind of data for all web threats, where the US dominates with approximately 50% and Russia is not even placed within the top 10.

The volume of Blackhole hosted on compromised sites (Section 4.5) is currently estimated to be fairly small. However, if this increases, then the above distribution would change (it would tend towards the distribution expected for all web threats).
