Please create an account to participate in the Slashdot moderation system


Forgot your password?

Submission + - Blackhole Exploit Kit Gets an Upgrade (

wiredmikey writes: The popular Blackhole exploit kit, assumed to be created and maintained by an individual going by the online moniker of “Paunch" who continuously updates the browser exploit software, looks like it has just received another upgrade.

The exploit works by infecting a user when they visit a Blackhole-infected site, and their browser runs the JavaScript code, usually via a hidden iframe. If the location or URL for the malicious iframe changes or is taken down, all of the compromised sites will have to be updated to point to this new location, making it hard for the attackers. To deal with this, the Blackhole JavaScript code on compromised sites now dynamically generates pseudo-random domains, based on the date and other information, and then creates an iframe pointing to the generated domain

Moreover, the kit’s recent upgrade also added a new attack. According to Sophos, sometime in early June Blackhole was updated to include an attack that targets a flaw in Microsoft’s XML Core Services, which remains unpatched.

Unfortunately, the changes prove once again that the criminal economy online is alive and well. Ironically, the work Paunch is doing possibly isn’t technically illegal in and of itself, as he’s simply writing software that others then buy or rent to actually hack victims’ computers and steal from them

This discussion was created for logged-in users only, but now has been archived. No new comments can be posted.

Blackhole Exploit Kit Gets an Upgrade

Comments Filter:

Order and simplification are the first steps toward mastery of a subject -- the actual enemy is the unknown. -- Thomas Mann