Information Security News mailing list archives

BlackHole 2.0 gives hackers stealthier ways to pwn


From: InfoSec News <alerts () infosecnews org>
Date: Thu, 13 Sep 2012 02:09:40 -0500 (CDT)

http://arstechnica.com/security/2012/09/blackhole-2-0-gives-hackers-stealthier-ways-to-pwn/

By Sean Gallagher
Ars Technica
Sept 12 2012

A new version of the BlackHole exploit kit is now out on the web and ready to start infecting. The developer of the toolkit, who goes by the handle "Paunch," recently announced the availability of BlackHole 2.0, which removes much of its trove of known and patched exploits, and replaces them with a whole new crop—along with features that will make it harder for antivirus companies and site owners to detect trouble.

BlackHole is a widely used, web-based software package which includes a collection of tools to take advantage of security holes in web browsers to download viruses, botnet trojans, and other forms of nastiness to the computers of unsuspecting victims. The exploit kit is offered both as a "licensed" software product for the intrepid malware server operator and as malware-as-a-service by the author off his own server.

The announcement for the new version (translated on the Malware Don’t Need Coffee weblog from the original Russian, with the help of Google Translate), which Threatpost reports was initially posted on the underground hacker marketplace site Exploit.ln, promises a number of new features to make it harder for antivirus software to detect and defend against exploit attacks. One of those is a random URL generation system that creates single-use web addresses for attacks that last only as long as a specific attack on a target computer. Random URLs are intended to prevent antivirus companies or security professionals from using the link to download the exploit for analysis.

The user can also designate page names in the URL that are human-readable (such as "/news/index.php") to fool browser users into believing they’re following a legitimate link. This prevents security software from detecting exploits based on the signature of the source URL. And BlackHole 2.0 limits which attacks it attempts to launch against a target based on detection of which plug-ins are present, reducing the possibility that they will trigger an antivirus package watching for behaviors.

[...]