BlackOS software package automates website hacking, costs $3,800 a year

Share this article:
The malicious package is being sold on underground markets for $3,800 a year.
The malicious package is being sold on underground markets for $3,800 a year.

An updated version of a malicious software package designed to automate the process of hacking websites is being offered up on underground markets for $3,800 a year, according to a blog by Trend Micro.

In a Thursday email correspondence, Christopher Budd, threat communications manager for Trend Micro, told SCMagazine.com that the software – known as BlackOS – can manage hacked sites that redirect end-users to websites serving malware.

The redirection is carried out by injecting malicious IFrames into websites, Budd said, adding this can be done using one of several features available in BlackOS.

“[It] can also manage large lists of FTP credentials and [can] check each of the accounts' credentials for validity, as well as verifies each malicious website URL against AV vendors to see if anyone blocks the website,” Budd said.

One of the things that makes BlackOS particularly useful for miscreants is that it scans a large range of IPs for exploitable vulnerabilities, Budd said, explaining that the attackers are not dialing in on specific targets.

“They do a mass attack, there are no specific targets as these websites are just a launch pad to perform their malicious attacks,” Budd said. “They are usually looking for an easy access, once they are inside they will try to level up the privileges to gain root access on the machine and therefore be able to [make] use of the BlackOS features, which is inject a malicious IFrames in all web pages.”

The posts advertising BlackOS in underground forums are written in Russian, according to the Trend Micro blog, which explains that the software costs $3,800 a year, or $100 a month for a budgeted version with basic configurations.

The BlackOS software is an updated version of the “Tale of the North” software, according to the blog.

Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

More in News

LEADS Act addresses gov't procedure for requesting data stored abroad

LEADS Act addresses gov't procedure for requesting data ...

Senators introduced the legislation last week as a means of amending the Electronic Communications Privacy Act (ECPA).

Report: Intrustion prevention systems made a comeback in 2013

Report: Intrustion prevention systems made a comeback in ...

A new report indicates that intrusion prevention systems grew 4.2 percent in 2013, with growth predicted to continue.

Mobile device security sacrificed for productivity, study says

Mobile device security sacrificed for productivity, study says

A Ponemon Institute study, sponsored by Raytheon, revealed that employees increasingly use mobile devices for work but cut corners and circumvent security.