The BlackHole exploit kit has gained quite a fan base in the security industry and there is now a white paper that reveals some interesting facts about the evolving malware.

BlackHole has been around for a long time, and judging by the fact that new versions keep cropping up, it's unlikely that attackers will stop using it to distribute malware anytime soon, said Sophos Labs Principal Researcher Gabor Szappanos, who wrote the white paper.

The paper details the evolution of BlackHole, its source code, the control panel, encryption and its origins.

According to the researcher, there's a lot of evidence to support the theory that the exploit kit came from Russia.

The installation's default time zone is Europe/Moscow, the default user interface language is Russian, and the date format is little-endian, which differs from the one used in the U.S. or China.

Furthermore, the English user interface text is less correct than the Russian text.

Click here to download the complete technical paper.
