A free copy of the BlackHole exploit kit is available on several file-sharing sites, lowering the cost of entry for budding cybercriminals, experts warned this week.
The BlackHole exploit kit, which generally sells in underground forums for $1,500 per annual license, allows for the silent installation of malware on unpatched systems. First introduced last year, BlackHole contains a collection of exploits primarily targeting Windows machines, as well as the applications installed on those systems.
The kit is user-friendly, even for amateur hackers, and features an administrator panel that shows statistics of successful exploitation per vulnerability, operating system, browser and country, Aviv Raff, CTO of cyber threat management firm Seculert, told SCMagazineUS.com on Tuesday. It also allows its owners to set rules specifying which malware to unleash, based on a victim's country.
“Even the less talented cybercriminals can now get hold of this ammo and use it to automatically install malware, as they don't need to pay for the exploit kit,” Raff said.
The free version is not the most updated edition of BlackHole, however, Raff said. It does not contain some exploits targeting newer vulnerabilities, which are included in the latest version, which still costs money.
The release of BlackHole comes just weeks after the source code of the Zeus malware kit was leaked on several underground forums.
“Zeus, like any other malware, can be installed by exploit kits like BlackHole,” Raff said. “The leakage of Zeus was like giving away a machine gun for free. Giving away exploit kits, like BlackHole, is like providing the ammo.”HD Moore, chief security officer at Rapid7, and founder and chief architect of the open-source pen testing framework Metasploit, told SCMagazineUS.com on Tuesday that the BlackHole release may have been accidental, considering the code has been obfuscated, making it difficult for someone to modify, customize or update the kit.
Those who download the free copy of BlackHole will be able use its exploits but won't be able to get updates or use many of the kit's capabilities since the source code was meant for one particular user, Moore said.
"This differs significantly from the Zeus leak, in which the complete, unencoded source code was made available," he said.