
Blackhole exploit tool traced to Russia

01 Dec 2012

A report from security firm Sophos has concluded that the infamous Blackhole malware exploit kit originated in Russia.

In a teardown report on the Blackhole source code, researcher Gabor Szappanos said that a number of clues point towards Russia as the cradle of the wildly popular exploit kit, which allows attackers to automatically target flaws for malware installations.

According to Szappanos, the developers of Blackhole left several key pieces of information in the source code that suggest their location. Among the clues were the setting of Moscow as the default time zone and the choice of Russian as the default interface language.

Other clues include the use of date formats unique to Eastern Europe and the presence of Cyrillic character encoding.

"All the evidence supports the assumption that the development of the Blackhole exploit kit occurred in Russia," Szappanos said.

The discovery of Blackhole's origin could prove useful for security researchers and law enforcement groups who are trying to stop the spread of Blackhole and apprehend the developers behind it.

The Blackhole kit has grown in recent years to become the most popular exploit kit on the internet. Researchers estimate that various builds of Blackhole are responsible for as much as one third of all drive-by malware attacks.

While the most recent versions of Blackhole can cost hundreds to thousands of dollars to purchase and maintain, older versions of the platform can be found for free on various cybercrime sites.

Recently, the platform showed signs of spreading as researchers uncovered 'Cool,' an attack toolkit which appears to be derived from Blackhole.


Shaun Nichols

Shaun Nichols is the US correspondent for He has been with the company since 2006, originally joining as a news intern at the site's San Francisco offices.
