Blackhole exploit kit 2.0 released, evades your A/V
Equipped with a souped-up admin panel, Blackhole 2.0 has gotten a total code rewrite and embraces random-domain generation to bypass defenses.

The creators of the infamous Blackhole exploit kit have announced version 2.0 of the malware, claiming to have rewritten the code entirely from scratch so as to evade popular antivirus software. The kit includes some noteworthy and nasty tricks, such as the use of short-term, random URLs for delivering exploits, but perhaps in recognition of the still-struggling global economy, the kit's creators aren't changing pricing.
According to Sophos, the Blackhole exploit kit is "the most popular drive-by malware we've seen recently. ... It offers sophisticated techniques to generate malicious code. And it's very aggressive in its use of server-side polymorphism and heavily obfuscated scripts to evade antivirus detection. The end result is that Blackhole is particularly insidious."
In the past few months alone, malicious hackers have used Blackhole to exploit an unpatched MSXML flaw; to exploit Java vulnerabilities; to infect users with fake AV (antivirus) programs via Twitter spam campaigns; and to distribute the GameOver Trojan via a fake US Airways-themed email campaign.
The announcement about version 2.0 of Blackhole appeared on the Russian-language website Malware don't need Coffee. In it, the creators explain that AV companies have been very quick to recognize signs of Blackhole and flag it as malware, necessitating a total code rewrite. Beyond bolstering the kit's payload delivery, the authors said they have also added improvements to the admin panel.
Seems to look the part of an everyday event for most people browsing the Internet. Whether they are aware enough to think "hang on a minute, I already have Java installed" - my guess is around 50% will still click away happily.