The author of the Blackhole exploit kit, known under the pseudonym Paunch (Dmitry Fedotov), was sentenced to seven years in prison. The sentence was handed down by the Zamoskvoretsky Court of Moscow. Six more cybercriminals were in the dock alongside Fedotov, and all of them received terms ranging from 5.5 to 8 years. The court estimated the damage from the hackers' actions at 20 million rubles. The cybercriminals worked together: while one of them specialized in hacking legitimate sites, Paunch specialized in developing Blackhole, links to which were planted on the compromised resources.

A key feature of the Blackhole exploit kit was its ability to carry out stealthy drive-by download attacks using built-in exploits for web browsers and their plug-ins. Blackhole was one of the most commercially successful cybercriminal projects, and it was also the first such product to be offered to other cybercriminals for rent for a fee (crimeware-as-a-service).

Fig. The author of the Blackhole exploit kit.
Paunch was arrested at the end of 2013, as we wrote in a post on our blog. The well-known Russian company Group-IB participated in the capture of this cybercriminal. After buying the crimeware package from the author, an attacker had all the functions for managing the set of exploits at his disposal. The control panel was used to view statistics, “upload” the necessary files, and control the distributed exploits.

Fig. Typical control panel for the Blackhole crimeware package. The operator can view the statistics on the success of the exploit kit, as well as download the necessary malware files for “distribution”.
One of the highlights of Blackhole was its inclusion of so-called 0day exploits, which were used in cyber attacks on users. This attack scenario was very dangerous for users, because the vulnerabilities targeted by these exploits had not yet been closed by vendors, for example, Microsoft. This significantly increased the likelihood of successful exploitation in a drive-by download. When a well-known website was compromised without anyone noticing, the profit for the attackers was huge.
According to Group-IB, BlackHole began to gain popularity back in 2010.
The "Blackhole" exploit bundle found its first customers in the summer of 2010 and gradually gained immense popularity among cybercriminals who wanted to distribute malicious programs. To install malware on users' computers, Blackhole exploits vulnerabilities in software components of web browsers, including the so-called 0-day vulnerabilities (vulnerabilities that have not yet been fixed by the software manufacturer). The visitors on whose computers malware was installed with the help of “Blackhole” came mostly from hacked sites and spam sent via email.
The cost of renting the "Blackhole" exploit bundle on the seller's server was $500 per month, and the rental price of the software itself for installation on one's own server was $700 for three months. Currently, there is information about more than a thousand clients of the offender. It is known that every month, from his illegal activity alone, “Paunch” earned about 50 thousand US dollars, and his private car was a white “Porsche Cayenne”.
www.group-ib.ru/index.php/7-novosti/1362-group-ib-pomogla-presech-deyatelnost-izvestnogo-khakera-s-psevdonimom-paunch
ESET antivirus products detect malicious web pages and Blackhole components as JS/Iframe.DE, Java/Exploit.Blacole, SWF/Exploit.Blacole, as well as under general HTML/IFrame detections.