Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Blackhole Exploit Kit Gets an Upgrade

wiredmikey (1824622) writes | more than 2 years ago

Security 0

wiredmikey (1824622) writes "The popular Blackhole exploit kit, assumed to be created and maintained by an individual going by the online moniker of “Paunch" who continuously updates the browser exploit software, looks like it has just received another upgrade.

The exploit works by infecting a user when they visit a Blackhole-infected site, and their browser runs the JavaScript code, usually via a hidden iframe. If the location or URL for the malicious iframe changes or is taken down, all of the compromised sites will have to be updated to point to this new location, making it hard for the attackers. To deal with this, the Blackhole JavaScript code on compromised sites now dynamically generates pseudo-random domains, based on the date and other information, and then creates an iframe pointing to the generated domain

Moreover, the kit’s recent upgrade also added a new attack. According to Sophos, sometime in early June Blackhole was updated to include an attack that targets a flaw in Microsoft’s XML Core Services, which remains unpatched.

Unfortunately, the changes prove once again that the criminal economy online is alive and well. Ironically, the work Paunch is doing possibly isn’t technically illegal in and of itself, as he’s simply writing software that others then buy or rent to actually hack victims’ computers and steal from them"

Link to Original Source

Sorry! There are no comments related to the filter you selected.

Check for New Comments
Slashdot Login

Need an Account?

Forgot your password?