BlackHole Exploit Kit 2.0 released



BlackHole Exploit Kit 2.0 released with more recent exploits

According to a Russian-language release announcement posted on Pastebin by unknown developers, BlackHole Exploit Kit 2.0 has been released with more recent exploits. BlackHole is one of the most dominant exploit toolkits currently available in the underground market. It enables attackers to exploit security holes in order to install malicious software on victims' systems.

The new variant doesn’t rely on PluginDetect to determine the Java version that’s installed, thus speeding up the malware download process. Old exploits that were causing browser crashes and “scary visual effects” have been removed.

The exploit kit is offered both as a "licensed" software product for the intrepid malware server operator and as malware-as-a-service hosted by the author on his own server.

Some interesting claims by the developer about the new version:

* prevent direct download of executable payloads
* only load exploit contents when the client is considered vulnerable
* drop use of the PluginDetect library (performance justification)
* remove some old exploits (leaving Java atomic & byte, PDF LibTIFF, MDAC)
* change from a predictable URL structure (filenames and query string parameter names)
* update machine stats to include Windows 8 and mobile devices
* better breakdown of plug-in version information
* improved checking of referrer
* block Tor traffic

Finally, a number of “private tricks” have been implemented, which the author prefers to keep a secret because he fears that competitors and antivirus companies are “sneaking around.” The developer offers a one-day rental of capacity on his server for as little as $50, up to a month-long lease for $500 (with larger fees for traffic over 70,000 web hits per day).

For those who want to run their own BlackHole server, licenses start at $700 for a 3-month license (which includes software support) and range up to $1,500 for a full year, plus $200 for the multidomain version. For those who want to cover their tracks, a site clean-up package comes priced at $300.


