The BlackHole exploit kit has gained quite a fan base in the security industry and there is now a white paper that reveals some interesting facts about the evolving malware.
BlackHole has been around for a long time and judging by the fact that new versions keep cropping up, it’s unlikely that attackers will not stop using it to distribute malware anytime soon, said Sophos Labs Principal Researcher Gabor Szappanos, who wrote the white paper.
The paper details the evolution of BlackHole, its source code, the control panel, encryption and its origins.
According to the researcher, there’s a lot of evidence to support the theory the exploit kit came from Russia.
The default time zone of the installation is for Europe/Moscow, the user interface language default is Russian, and the date format is Little Endian, which is different than the one utilized in U.S. or China.
Furthermore, the English user interface text is less correct than the one in the Russian interface.
Click here to download the complete technical paper.