
Blackhole exploit kit use plummets after creator's arrest

27 Nov 2013

Use of the notorious Blackhole exploit kit has radically dropped since the arrest of its alleged creator "Paunch", according to an independent malware researcher.

The researcher, known as Kafeine, wrote in a blog post that the use of the Blackhole hack tool has almost completely ceased, reporting he has not seen a new variant or system update for the exploit kit in weeks. The news comes less than six weeks after Russian police arrested a man believed to be the author of the exploit kit.

In its heyday Blackhole was the most commonly used exploit kit in the world. Security firm F-Secure estimated that Blackhole accounted for 27 percent of the exploit kit market in March. Exploit kits are publicly traded hack tools that let criminals automatically mount a variety of cyber scams and attacks.

In the past the Blackhole exploit kit has been linked to numerous phishing scams that sent malware-laden messages claiming to come from legitimate companies, such as the BBC and CNN. Before Paunch's arrest the Blackhole kit received a constant stream of updates designed to let it target newly discovered vulnerabilities.

FireEye malware research engineer Josh Gomez told V3 the rapid decrease in Blackhole usage is likely due to the lack of new vulnerability updates. "Blackhole's curator (Paunch) is no longer actively maintaining the exploit kit since his arrest. We see the drop in activity and it correlates to the timeframe of his arrest," he said.

"The Blackhole and Cool exploit kits were typically rented and leased, allowing the author to keep tighter control over the framework and offer an enhanced level of service or customisation to customers. With his removal from the exploit kit marketplace, Blackhole customers will find themselves needing to switch to other exploit kits as current Blackhole services expire or are dismantled."

Gomez said it is likely that a new criminal group will fill the gap and release a new exploit kit. "While we don't know of any specific groups picking up where Blackhole left off, it has left a void that is sure to be filled by other exploit kits or copycat authors who want to capitalise on the opportunity to bring new crimeware tools to the marketplace," he said.

Global technical consultant at Damballa and ex-Scotland Yard cybercrime unit detective Adrian Culley mirrored Gomez's sentiment, arguing that it will only be a matter of time before a new kit appears.

"Fighting the source of malware is much like trying to slay the mythical Hydra, for each head you cut off, two more will grow in its place. Given the difficulties in indexing the web, and seeing what exactly lies behind html pages, it is highly unlikely that this is the last we have seen of this malware. The dark web is like dark matter, we know it's there, but it's very hard to say exactly where, and what the dark data consists of," he said.

These comments mirror past criminal behaviour patterns following an exploit kit author's arrest. A similar pattern occurred earlier this year when a man believed to have created the Phoenix exploit kit was arrested.

Alastair Stevenson

Alastair has worked as a reporter covering security and mobile issues at V3 since March 2012. Before entering the field of journalism Alastair had worked in numerous industries as both a freelance copy writer and artist.
