Fake Blackhole 2.0 kit turns tables on cyber criminals

A rehashed exploit kit masquerading as Blackhole 2.0 has appeared, but with the intention of tricking cyber criminals into visiting the page hosting the fake exploit, rather than as a genuine malware kit.

The fake version of Blackhole 2.0 was discovered by security firm Symantec, who at first thought a dangerous new toolkit was being offered, before a closer inspection revealed something different.

"Naturally, we started investigating and soon discovered that something about the website was not right," wrote Symantec's Lionel Payet on the Symantec blog.

"The main content section of both pages are the same. However, at the top of the 'new' version there is a light blue table containing some Russian text in the area where the Blackhole menu should be."

Payet cited disparities in the file names of the exploit kit as further proof that the product is a fake, clarifying that it likely has nothing to do with the real team behind Blackhole.

"The people behind this page do not have version 2.0, they more than likely have nothing to do with Blackhole and are only trying to advertise their services by exploiting a well-known name to gain attention," he said.

The scam is reportedly designed to bait criminals looking to download the exploit kit onto its site, thus increasing its advertising revenue.

"It is now clear that this page is merely using the Blackhole 2.0 name as bait in an attempt to lure users into visiting the page and reading the advertisements," wrote Payet.

"This method is not new; spammers often use names of famous people and products or the latest news events to try to lure users into reading their spam emails. However, it is quite unusual to see a popular exploit kit name used in this manner."

Blackhole is an exploit kit commercially available via online black markets. It allows a criminals without strong IT skills to mount automated attacks. It contains setup tools for various pieces of malware.

The kit's author promised they would be releasing a new Blackhole 2.0 version in the near future leading to widespread concerns within the security industry.

Both Microsoft and Finnish security firm F-Secure have listed exploit kits like Blackhole as one of the biggest threats facing the globe.

For more insight into some of the major security issues affecting businesses make sure you sign up to the V3 Security Summit taking place on Tuesday 25 September which includes high-level speakers such as Mimecast chief scientist Nathaniel Borenstein and cryptographer Bruce Schneier.