May 24, 2011

BlackHole exploit kit now available for free

A free copy of the BlackHole exploit kit is available on several file-sharing sites, lowering the cost of entry for budding cybercriminals, experts warned this week.

The BlackHole exploit kit, which generally sells in underground forums for $1,500 per annual license, allows for the silent installation of malware on unpatched systems. First introduced last year, BlackHole contains a collection of exploits primarily targeting Windows machines, as well as the applications installed on those systems.

The kit is user-friendly, even for amateur hackers, and features an administrator panel that shows statistics of successful exploitation per vulnerability, operating system, browser and country, Aviv Raff, CTO of cyber threat management firm Seculert, told SCMagazineUS.com on Tuesday. It also allows its owners to set rules specifying which malware to unleash, based on a victim's country.

“Even the less talented cybercriminals can now get hold of this ammo and use it to automatically install malware, as they don't need to pay for the exploit kit,” Raff said.


The free version is not the most updated edition of BlackHole, however, Raff said. It does not contain some exploits targeting newer vulnerabilities, which are included in the latest version, which still costs money.

However, the free copy is still effective since many users are slow to patch flaws in, for example, Adobe Reader and Flash and Oracle's Java software, Raff added.

The release of BlackHole comes just weeks after the source code of the Zeus malware kit was leaked on several underground forums.

“Zeus, like any other malware, can be installed by exploit kits like BlackHole,” Raff said. “The leakage of Zeus was like giving away a machine gun for free. Giving away exploit kits, like BlackHole, is like providing the ammo.”

HD Moore, chief security officer at Rapid7, and founder and chief architect of the open-source pen testing framework Metasploit, told SCMagazineUS.com on Tuesday that the BlackHole release may have been accidental, considering the code has been obfuscated, making it difficult for someone to modify, customize or update the kit.

Those who download the free copy of BlackHole will be able use its exploits but won't be able to get updates or use many of the kit's capabilities since the source code was meant for one particular user, Moore said.

"This differs significantly from the Zeus leak, in which the complete, unencoded source code was made available," he said.

Related Articles
Related Topics
Related Links

More in News

Privacy-bolstering "Apps Act" introduced in House

The bill would provide consumers nationwide with similar protections already enforced by a California law.

Microsoft readies permanent fix for Internet Explorer bug used in energy attacks

Microsoft is prepping a whopper of a security update that will close 33 vulnerabilities, likely including an Internet Explorer (IE) flaw that has been used in targeted website attacks against the U.S. government.

Weakness in Adobe ColdFusion allowed court hackers access to 160K SSNs

Up to 160,000 Social Security numbers and one million driver's license numbers may have been accessed by intruders.