SilviuCS

Blackhole exploit kit

Posted (edited)

This shit seems to be on fire over the internet, so I decided to take a look and get it for free.

The Black Hole exploit kit is an unethical off-the-shelf Web application. The first instance, v.1.0.0 beta, appeared on the black market and was advertised in August 2010 as a "System for network testing". As with most exploit kits, it is based on PHP with a MySQL backend. The payload of this kit usually targets Windows operating systems and the applications installed on those systems, but this depends on the criminals' end goal.

The kit's administrative system includes several so-called "Statistical Widgets". Most widgets provide the same information as pages in other kits, like global statistics, operating systems, top countries and referrers. An interesting feature of this kit is that a criminal can create a custom widget, basically meaning that the most important and required statistics will be gathered and shown in one widget.

The Black Hole exploit kit uses several protection mechanisms such as:

Integrated antivirus checking based on the API of popular blackhat AVCheck services

A database of blacklists based on referrers and IP addresses, including ranges, used to block access to the system

The kit's settings allow criminals to choose either a Russian or an English interface language, which suggests that this kit was developed in Russia, and to change the name of the malicious payload file and its parameters to make it undetectable by AVs. Exploits are encrypted with custom algorithms, which makes this pack difficult for AVs and generic deobfuscation tools and services to analyze. The Black Hole exploit kit uses the Java OBE (Open Business Engine) toolkit to spread exploits and load the malicious executable onto the victim's machine. Once a victim follows the malicious iframe, they download a JAR file with an encoded URL parameter, and one of the classes in this JAR file decodes this parameter into a clear-text URL. The URL is concatenated with an HTTP GET parameter that is used to download further malicious payload files. The exploit kit itself is encrypted with the commercial php-cryptor, which keeps the whole distribution tightly controlled. The kit is therefore only rented to criminals and not sold like many others.

Here is a screen shot of the settings page:

[Image: 0245.settings.png]

More Info: Infosecurity (UK) - BlackHole exploit kit now being offered for free

Download:

blackhole.rar

Password: 123456789

Edited by SilviuCS
