Blackhole exploit kit comes back from the grave

The author is cooling his heels after his arrest, but this hasn't stopped the exploit kit from making a comeback.


The Blackhole exploit kit has risen from the grave, detected online in drive-by malware campaigns on compromised websites.

The Blackhole exploit kit was one of the most well-known kits available to cybercriminals on the web. Available to "rent" for up to $700 a month, the exploit kit contained Web-based vulnerabilities designed to deliver malware payloads of the buyer's choice to compromised systems.

Although the exploit kit's creator, known as Paunch, was arrested in 2013 by Russian law enforcement, which brought updates to a halt, the kit has yet to vanish entirely.

Following Paunch's arrest -- which was also related to the development of the Cool Exploit Kit -- some developers kept Blackhole running for a few months, but a lack of updates and fresh exploits meant the exploit kit eventually faded from significance, losing traction to competition from Angler and Hanjuan, among other exploit kits.

However, as reported by Malwarebytes, the story of Blackhole isn't finished. It might be several years later, but the exploit kit has been spotted in drive-by downloads on compromised websites.

The kit reuses the same old exploits, which target software including Adobe Reader and Java -- and the only major difference the security team discovered is the malware payload being dropped, "which is current and had very low detection on VirusTotal," according to Malwarebytes.


Further investigation reveals that the kit running on the servers hosting Blackhole has not been modified beyond the leaked source code. That code was leaked four years ago, giving malware creators the opportunity to add their own flavor and exploit modules to the system.

While Blackhole is not an issue if your computer is fully patched and up-to-date, basic cybersecurity advice is continually ignored by consumers and businesses alike (just ask a Parisian airport which insists on using a 23-year-old Windows system).

If PCs are not updated, they remain vulnerable to legacy exploits and threats such as Blackhole.

The Blackhole version seen in these drive-by downloads may be old, but this doesn't mean the kit will rely on old exploits forever. According to Malwarebytes, the author appears to be working on new landing pages -- and so may also plan to add further exploits available in the underground to Blackhole in the future.
