Return of Blackhole Shows Surging Popularity of Exploit Kits, Repurposing of Old Malware

Sue Marquette Poremba
Slide Show

Reduce Data Breach Damage by Improving Detection and Response

According to an article on ZDNet, one of the most popular exploit kits is coming back to life, even though its developer was arrested a couple of years ago. According to the article:

The Blackhole exploit kit was one of the most well-known kits available to cybercriminals on the web. Available to "rent" for up to $700 a month, the exploit kit contained Web-based vulnerabilities designed to deliver malware payloads of the buyer's choice to compromised systems. . . . It might be several years later [after the arrest], but the exploit kit has been spotted in drive-by downloads on compromised websites.

Jerome Segura, senior researcher with Malwarebytes, discovered the resurgent exploit kit and told Info Security Magazine:


Although the exploits are old, there are probably still vulnerable computers out there who could get compromised. We also noticed that the author behind this Blackhole edition was working on new landing pages, so it is possible there might be additional changes in the future.

There are two important takeaways to this news.

First, the resurgence of Blackhole seems to be following a small trend of old pieces of malware making a return appearance. Last month, for instance, I reported on G DATA’s study that found that banking Trojans are on the rise for the first time in several years.

Second, Blackhole returned at the same time we’re seeing a huge jump in exploit kit activity. In its third quarter DNS Threat Index, Infoblox reported that exploit kit activity jumped 75 percent during this period. The Index looks at the creation of malicious DNS, and this quarter it found that four kits in particular -- Angler, Magnitude, Neutrino and Nuclear – were responsible for 96 percent of the activity. As Craig Sanderson, senior director of security products at Infoblox, explained in a prepared statement, exploit kits are behind some of the highest-profile attacks in recent months.

Also in a statement, Rod Rasmussen, chief technology officer at IID, added that exploit kits are constantly evolving to take advantage of newly discovered vulnerabilities and to avoid traditional security systems. That apparently also means taking old kits and bringing them back to life.

Sue Marquette Poremba has been writing about network security since 2008. In addition to her coverage of security issues for IT Business Edge, her security articles have been published at various sites such as Forbes, Midsize Insider and Tom's Guide. You can reach Sue via Twitter: @sueporemba



Add Comment      Leave a comment on this blog post

Post a comment

 

 

 

 


(Maximum characters: 1200). You have 1200 characters left.

 

null
null

 

Subscribe to our Newsletters

Sign up now and get the best business technology insights direct to your inbox.