A new version of the Blackhole exploit kit, a tool commonly used by hackers to take advantage of unpatched vulnerabilities, was recently released. A critical Java exploit, which left many users vulnerable for several days last month, provided an example of the speed at which hackers can spread their malware. In many cases, hackers have several days to operate before a software patch is released.
The new version of Blackhole may be especially troublesome because it is designed to better disguise malicious websites, limiting the effectiveness of blacklisting tools. CSO columnist Antone Gonsalves highlighted several new features that contribute to the exploit kit's effectiveness.
"Security experts said the most interesting new feature was the ability to generate short-term, random URLs pointing to malicious websites or hijacked sites that contain hacker-installed malware," Gonsalves wrote. "Because the URLs keep changing, it's difficult for search engines, site owners and security companies to identify malicious pages."
Gonsalves also pointed out that Blackhole is similar to any other software in that hackers can purchase a variety of different licenses to use it. For example, cybercriminals can pay a lower price to rent the developer's server or pay a much higher fee for unlimited domains. Despite the fact that the most recent updates are designed to hamper the detection of malware-ridden websites, Marcus Carey, a security researcher at Rapid7, expressed confidence that researchers will be able to hack the program and gather the necessary information to update security software. This means the best defense against Blackhole-based attacks remains keeping anti-malware programs up to date.
New updates increase success
While security researchers are confident in their abilities, users should still practice extra vigilance when updates to a major exploit kit are released. For example, the success rate of Blackhole jumped from approximately 10 percent to 25 percent when the exploit kit was updated to target an unpatched Java vulnerability earlier this month, according to Infosecurity magazine.
Cybercriminals sent out phishing emails, seemingly from a variety of different web services, in order to trick users into clicking on malicious links. For example, 10,000 spoof Amazon emails were detected shortly after the Java exploit had been added to Blackhole. The weakness has since been patched, but the spike in success rates showcases the importance of awareness in regard to new security threats.
Security News from SimplySecurity.com by Trend Micro