Blackhole exploit kit

From Wikipedia, the free encyclopedia - View original article

Jump to: navigation, search

The Blackhole exploit kit is as of 2012 the most prevalent web threat, where 28% of all web threats detected by Sophos and 91% by AVG are due to this exploit kit.[1] Its purpose is to deliver a malicious payload to a victim's computer.[2] According to Trend Micro the majority of infections due to this exploit kit were done in a series of high volume spam runs.[3] The kit incorporates tracking mechanisms so that people maintaining the kit know considerable information about the victims arriving at the kits landing page. The information tracked includes the victims country, operating system, browser and which piece of software on the victims computer was exploited. These details are shown in the kit's user interface.[4]


Blackhole exploit kit was released on "Malwox", an underground Russian hacking forum.[citation needed]

The supposedly Russian creators use the names "HodLuM" and "Paunch". It was reported on the October 7, 2013 that "Paunch" has been arrested.[5]


  1. The customer licenses the Blackhole exploit kit from the authors and specifies various options to customize the kit.
  2. A potential victim loads a compromised web page or opens a malicious link in a spammed email.
  3. The compromised web page or malicious link in the spammed email sends the user to a Blackhole exploit kit server's landing page.
  4. This landing page contains obfuscated JavaScript that determines what is on the victim's computers and loads all exploits to which this computer is vulnerable and sometimes a Java applet tag that loads a Java Trojan horse.
  5. If there is an exploit that is usable, the exploit loads and executes a payload on the victim's computer and informs the Blackhole exploit kit server which exploit was used to load the payload.


A typical defensive posture against this and other advanced malware includes, at a minimum, each of the following:


  1. ^ Howard, Fraser (March 29, 2012). "Exploring the Blackhole exploit kit: 4.1 Distribution of web threats". Naked Security. Sophos. Retrieved April 26, 2012. 
  2. ^ Howard, Fraser (March 29, 2012). "Exploring the Blackhole exploit kit: 2.3.4 Payload". Naked Security. Sophos. Retrieved April 26, 2012. 
  3. ^ "Blackhole Exploit Kit: A Spam Campaign, Not a Series of Individual Spam Runs". Trend Micro. July 2012. Retrieved October 15, 2013. 
  4. ^ "The State of Web Exploit Kits". Black Hat. August 2012. Retrieved October 15, 2013. 
  5. ^ "Blackhole Exploit Kit Author "Paunch" Arrested". Security Week. October 8, 2013. Retrieved October 15, 2013.