Blackhole exploit kit v2 on the rise

From Botnets.fr
Jump to navigation Jump to search

(Publication) Link to the old Wiki page : [1] / Google search: [2]

Blackhole exploit kit v2 on the rise
Botnet
Malware
Botnet/malware group
Exploit kits Blackhole
Services
Feature
Distribution vector
Target
Origin
Campaign
Operation/Working group
Vulnerability
CCProtocol
Date 2012 / 2012-10-19
Editor/Conference Zscaler
Link http://research.zscaler.com/2012/10/blackhole-exploit-kit-v2-on-rise.html (Archive copy)
Author Pradeep Kulkarni
Type

Abstract

Some of key enhancements include:

  • The URL format is dynamic in nature. It does not follow a particular pattern as the version 1.0 URLs did.
  • Now executables delivered with malicious content are also protected from multiple downloads.

Heavy obfuscation of the code continues as it had in the prior version. Like the Blackhole Exploit Kit v1, v2 also continues to target the known vulnerabilities in Internet Explorer (IE), Adobe and Java. A sample of raw Blackhole exploit kit v2 can be seen from the following recent infection:

Bibtex

 @misc{Kulkarni2012BFR1189,
   editor = {Zscaler},
   author = {Pradeep Kulkarni},
   title = {Blackhole exploit kit v2 on the rise},
   date = {19},
   month = Oct,
   year = {2012},
   howpublished = {\url{http://research.zscaler.com/2012/10/blackhole-exploit-kit-v2-on-rise.html}},
 }