
Fake Blackhole 2.0 kit turns tables on cyber criminals

21 Sep 2012

A rehashed exploit kit masquerading as Blackhole 2.0 has appeared, but with the intention of tricking cyber criminals into visiting the page hosting the fake exploit, rather than as a genuine malware kit.

The fake version of Blackhole 2.0 was discovered by security firm Symantec, who at first thought a dangerous new toolkit was being offered, before a closer inspection revealed something different.

"Naturally, we started investigating and soon discovered that something about the website was not right," wrote Symantec's Lionel Payet on the Symantec blog.

"The main content section of both pages are the same. However, at the top of the 'new' version there is a light blue table containing some Russian text in the area where the Blackhole menu should be."

Payet cited disparities in the file names of the exploit kit as further proof that the product is a fake, clarifying that it likely has nothing to do with the real team behind Blackhole.

"The people behind this page do not have version 2.0, they more than likely have nothing to do with Blackhole and are only trying to advertise their services by exploiting a well-known name to gain attention," he said.

The scam is reportedly designed to draw criminals who are looking to download the exploit kit to the site, thus increasing its advertising revenue.

"It is now clear that this page is merely using the Blackhole 2.0 name as bait in an attempt to lure users into visiting the page and reading the advertisements," wrote Payet.

"This method is not new; spammers often use names of famous people and products or the latest news events to try to lure users into reading their spam emails. However, it is quite unusual to see a popular exploit kit name used in this manner."

Blackhole is an exploit kit commercially available via online black markets. It allows criminals without strong IT skills to mount automated attacks. It contains setup tools for various pieces of malware.

The kit's author promised they would be releasing a new Blackhole 2.0 version in the near future, leading to widespread concerns within the security industry.

Both Microsoft and Finnish security firm F-Secure have listed exploit kits like Blackhole as one of the biggest threats facing the globe.

For more insight into some of the major security issues affecting businesses make sure you sign up to the V3 Security Summit taking place on Tuesday 25 September which includes high-level speakers such as Mimecast chief scientist Nathaniel Borenstein and cryptographer Bruce Schneier.

Alastair Stevenson

Alastair has worked as a reporter covering security and mobile issues at V3 since March 2012. Before entering the field of journalism Alastair had worked in numerous industries as both a freelance copy writer and artist.
