BlackHole Exploit Kit 2.0 released & updated with new exploits
The Blackhole exploit kit is currently the most popular web threat: 28% of all web threats detected by Sophos, and 91% of those detected by AVG, are attributed to this exploit kit.[1] Its purpose is to deliver a malicious payload to a victim’s computer.[2]
Basic summary of how Blackhole works
- The customer licenses the Blackhole exploit kit from the authors and specifies various options to customize the kit.
- A potential victim loads a compromised web page or opens a malicious link in a spammed email.
- The compromised web page or malicious link in the spammed email sends the user to a Blackhole exploit kit server’s landing page.
- This landing page contains obfuscated JavaScript that fingerprints the victim’s computer (browser and installed plug-ins) and loads every exploit the computer is vulnerable to; it sometimes also contains a Java applet tag that loads a Java Trojan horse.
- If a usable exploit exists, it loads and executes a payload on the victim’s computer and reports back to the Blackhole exploit kit server which exploit was used to deliver the payload.
Here is a ‘poor English’ translation of the 16 new improvements that come with the new release, translated from the original Russian Pastebin post:
1. Captcha entered for logging on to our practice, it was not enough to break a few cases the admin panel of clients by Brutus, it should not slow down a lot of some wise men.
2. Statistics on the flow now easy to see by selecting it from the drop down menu on the home page of statistics, will also become available for quick viewing and copying the reference to guest statistics.
3. Now the admin panel will not slow down when it reaches 1-2kn cores, and generally will not slow down, the entire load is distributed on the scripts are executed on the crown and the grouping of piles of logs in one account, it will never reset statistics and stash it almost years. Essentially version 2.0 we wrote for what amounts to a bunch of could hold many times more than the old version, which we successfully achieved.
4. Added the ability to be used as an aid to performance Memcached, and very convenient, and it can not be used for those who do not bring down the volume of traffic the server.
5. To the list of operating systems added to Win 8, and mobile devices, in order to see how much of your traffic is mobile, and mobile traffic, you can redirect to the appropriate affiliate.
6. In the molasses, we also see the innovations might have been allowed to operate with two types of rules, exploits and redirects now Add item stub. Plug is used to display a static html page. For example, you can make a plug for Google Chrome traffic, and there to create a page with the text of its kind: This page only works in Internet Explorer, Opera, Firefox.
7. Now it is a welcome feature, disable flow with fawn exe file. The system automatically checks the pale of your file through the time you specify when you add a file.
8. Now you can use a bunch as a gasket between the power cores and the place of her destination, for which to create an opportunity to select the stream URL to redirect to waste a bunch of cores. It is useful to pass a few cores ligaments, or for subsequent redirect to Landing.
9. When added to the file will be possible to specify the frequency of inspection of the file on the pale AB, as well as an update file with slashes (if the file is added to urlu).
10. There is a new menu item “Software Version”, where we can watch the version of plugins Java, Acrobat Reader of your traffic, see the breaking of each version, monitor the quality of traffic by looking at is whether trafer pierces the plug-ins in your traffic. It is very useful for evaluating the quality of traffic and to monitor the performance sployty on the right version of the plugin.
11. Completely updated “Security”, about it can devote even a sub-section:
a) the opportunity to block traffic without referer (we recommend to always keep on)
b) the opportunity to ban unnecessary referrers
c) the opportunity to ban all referrers except those you
d) the opportunity to ban bots on a prepared base of 13k ipov (thanks xshaman) (recommend that you keep it turned on)
e) the opportunity to ban Tor network, Types which are dynamically updated as the practice most reversers work from there (it is recommended to always keep on)
f) there was a recording mode, let you stop the traffic and you do not have to wait for the traffic of which, put the record mode, and all reversers and bots that run on your link after stopping cores directly go to the ban list)
12. As in Section 11, we had many opportunities to bans, selecting at least one version of the ban, the menu, the “Ban Statistics”, in which you can see the number of blocked traffic, and the reason for the lock
13. In the settings section, we can now specify in more detail what we want to do with the referrer statistics (not to record the referrer, and keep track referrers Keep track referrers without displaying the guest of the article)
14. An opportunity to update GeoIP database with one click in the admin
15. All of which had expected to able to disable a bunch of incriminating in the domain, it looks like this: when you choose how much AB domain considered not clean (eg 1) as soon as the domain gets in the black for one auto, it switches to the next. It is also possible to specify what to do if a net domains run out, turn off a bunch of completely, or use no net domain.
16. In connection with the adjustment described in paragraph 15, a new menu “Domains”, where we can add lists of domains incriminating see them, manage them completely, as well as the opportunity to get API reference for a particular stream, on which you can always see a link to a clean traffic.
In fact, version 2.0 is not a continuation of the old bunch, is a completely new system written entirely from scratch, given the client is going to request for more than two years of operation, version 1. *