May 24, 2011

BlackHole exploit kit now available for free

A free copy of the BlackHole exploit kit is available on several file-sharing sites, lowering the cost of entry for budding cybercriminals, experts warned this week.

The BlackHole exploit kit, which generally sells in underground forums for $1,500 per annual license, allows for the silent installation of malware on unpatched systems. First introduced last year, BlackHole contains a collection of exploits primarily targeting Windows machines, as well as the applications installed on those systems.

The kit is user-friendly, even for amateur hackers, and features an administrator panel that shows statistics of successful exploitation per vulnerability, operating system, browser and country, Aviv Raff, CTO of cyber threat management firm Seculert, told SCMagazineUS.com on Tuesday. It also allows its owners to set rules specifying which malware to unleash, based on a victim's country.

“Even the less talented cybercriminals can now get hold of this ammo and use it to automatically install malware, as they don't need to pay for the exploit kit,” Raff said.


The free version is not the most updated edition of BlackHole, however, Raff said. It does not contain some exploits targeting newer vulnerabilities, which are included in the latest version, which still costs money.

However, the free copy is still effective since many users are slow to patch flaws in, for example, Adobe Reader and Flash and Oracle's Java software, Raff added.

The release of BlackHole comes just weeks after the source code of the Zeus malware kit was leaked on several underground forums.

“Zeus, like any other malware, can be installed by exploit kits like BlackHole,” Raff said. “The leakage of Zeus was like giving away a machine gun for free. Giving away exploit kits, like BlackHole, is like providing the ammo.”

HD Moore, chief security officer at Rapid7, and founder and chief architect of the open-source pen testing framework Metasploit, told SCMagazineUS.com on Tuesday that the BlackHole release may have been accidental, considering the code has been obfuscated, making it difficult for someone to modify, customize or update the kit.

Those who download the free copy of BlackHole will be able use its exploits but won't be able to get updates or use many of the kit's capabilities since the source code was meant for one particular user, Moore said.

"This differs significantly from the Zeus leak, in which the complete, unencoded source code was made available," he said.

Related Articles
Related Topics
Related Links

Sign up to our newsletters

More in News

House Intelligence Committee OKs amended version of controversial CISPA

Despite the 18-to-2 vote in favor of the bill proposal, privacy advocates likely will not be satisfied, considering two key amendments reportedly were shot down.

Judge rules hospital can ask ISP for help in ID'ing alleged hackers

The case stems from two incidents where at least one individual is accused of accessing the hospital's network to spread "defamatory" messages to employees.

Three LulzSec members plead guilty in London

Ryan Ackroyd, 26; Jake Davis, 20; and Mustafa al-Bassam, 18, who was not named until now because of his age, all admitted their involvement in the hacktivist gang's attack spree.