

Name Game
Premium
join:2002-07-07
Grand Rapids, MI
kudos:7

Blackhole exploit kit 2.0 Released evades your A/V

Equipped with a souped-up admin panel, Blackhole 2.0 has gotten a total code rewrite and embraces random-domain generation to bypass defenses
The creators of the infamous Blackhole exploit kit have announced version 2.0 of the malware, claiming to have rewritten the code entirely from scratch so as to evade popular antivirus software. The kit includes some noteworthy and nasty tricks, such as the use of short-term, random URLs for delivering exploits, but perhaps in recognition of the still-struggling global economy, the kit's creators aren't changing pricing.

According to Sophos, the Blackhole exploit kit is "the most popular drive-by malware we've seen recently.... It offers sophisticated techniques to generate malicious code. And it's very aggressive in its use of server-side polymorphism and heavily obfuscated scripts to evade antivirus detection. The end result is that Blackhole is particularly insidious."

In the past few months alone, malicious hackers have used Blackhole to exploit an unpatched MSXML flaw; to exploit Java vulnerabilities; to infect users with fake AV (antivirus) programs via Twitter spam campaigns; and to distribute the GameOver Trojan via a fake US Airways-themed email campaign.

The announcement about Version 2.0 of Blackhole appeared on the Russian-language website Malware don't need Coffee. In it, the creators explain that AV companies have been very quick to recognize signs of Blackhole and flag it as malware, necessitating the need for a total code rewrite. Beyond bolstering the kit's payload-delivery, the authors said they have also added improvements to the admin panel.

»www.infoworld.com/t/malware/blac···e-202263
--
Gladiator Security Forum
»www.gladiator-antivirus.com/


norwegian
Premium
join:2005-02-15
Outback

The announcement about Version 2.0 of Blackhole appeared on the Russian-language website Malware don't need Coffee.

I've had a couple of Russian domain specific emails in the past few days; I wonder if it is related? Not that I try out the links for free medicines.

One seemed a definite bot
imbdubvsqcs.kdjs8ltidnkg.es6drhl3ag.net
wreb.ru

That one was from Monday, our time.
--
The only thing necessary for the triumph of evil is for good men to do nothing - Edmund Burke



Name Game
Premium
join:2002-07-07
Grand Rapids, MI
kudos:7

»webcache.googleusercontent.com/s···nk&gl=us



Name Game
Premium
join:2002-07-07
Grand Rapids, MI
kudos:7
reply to Name Game

Published on Sep 12, 2012 by Kafeineify
Infection by a Blackhole Exploit Kit 2.0 using CVE-2012-4681 on Windows 7

»www.youtube.com/watch?v=1olXWq3S···&list=UL


using CVE-2012-1535
http://www.youtube.com/watch?v=NGqPfwWLDVc&feature=channel&list=UL
--
Gladiator Security Forum
»www.gladiator-antivirus.com/


norwegian
Premium
join:2005-02-15
Outback


Seems to look the part of an everyday event for most people browsing the Internet. Whether they are aware enough to think "hang on a minute, I already have Java installed" - my guess around 50% will still click away happily.


BreakTheSec

join:2012-09-15
reply to Name Game

The latest version of BlackHole Exploit kit 2.0 is being used in spam campaigns. Recently, it has been used in ADP spam mail.

»www.ehackingnews.com/2012/09/spa···t-2.html