Blackhole crimeware as a service here to stay

Summary: First-quarter figures show that the Blackhole malware kit continues to be the most common tool used by hackers. Its crimeware-as-a-service business model could be with us for at least another year.

TOPICS: Security, Malware

Blackhole, the Swiss army knife of malware that we discussed on the Patch Monday podcast in February, illustrates the increasing sophistication of the online criminal ecosystem. We return to Blackhole on this week's episode.

"It's written by a separate group of people than the people who are actually going about and doing most of the infections," says Michael McKinnon, security advisor with AVG Australia and New Zealand.

"This is an underground piece of software, which is purchased and is then used by cybercriminals to go about their work."

Crimeware has normally been sold in one-off transactions to evade detection by law-enforcement agencies, but Blackhole is sold on a subscription basis, with updates coming roughly every two weeks.

"It's quite astonishing, the level of complexity and the speed at which they're able to turn these things around," McKinnon says.

To discuss the evolution of Blackhole and other trends highlighted in the latest "AVG Community Powered Threat Report" (PDF) released yesterday, McKinnon is joined by Rob Collins, senior sales engineer for APAC with WatchGuard.

Collins notes that Blackhole-using criminals are targeting victims through Facebook and Twitter, where they might reach users who don't traditionally have a strong IT background. Frequently, they're using URL shorteners, such as Twitter's own t.co service, to obscure the links to malware-infected sites.

"When you click on that link initially, all you know is that you've got some kind of hashed signature, so you don't know where you're going to end up," Collins says.

The conversation also covers the increasing targeting of websites using the WordPress content management system (CMS), and comments on the hyping of cyberwar that reflect those of war-studies academic Thomas Rid, which we heard a few weeks ago.

To leave an audio comment on the program, Skype to stilgherrian, or phone Sydney 02 8011 3733.

Running time: 28 minutes, 45 seconds

About

Stilgherrian is a freelance journalist, commentator and podcaster interested in big-picture internet issues, especially security, cybercrime and hoovering up bulldust.

He studied computing science and linguistics before a wide-ranging media career and a stint at running an IT business. He can write iptables firewall rules, set a rabbit trap, clear a jam in an IBM model 026 card punch and mix a mean whiskey sour.
