[ISN] BlackHole 2.0 gives hackers stealthier ways to pwn

From: InfoSec News <alerts_at_private>
Date: Thu, 13 Sep 2012 02:09:40 -0500 (CDT)
http://arstechnica.com/security/2012/09/blackhole-2-0-gives-hackers-stealthier-ways-to-pwn/

By Sean Gallagher
Ars Technica
Sept 12 2012

A new version of the BlackHole exploit kit is now out on the web and 
ready to start infecting. The developer of the toolkit, who goes by the 
handle "Paunch," recently announced the availability of BlackHole 2.0, 
which removes much of its trove of known and patched exploits, and 
replaces them with a whole new crop—along with features that will make 
it harder for antivirus companies and site owners to detect trouble.

BlackHole is a widely-used, web-based software package which includes a 
collection of tools to take advantage of security holes in web browsers 
to download viruses, botnet trojans, and other forms of nastiness to the 
computers of unsuspecting victims. The exploit kit is offered both as a 
"licensed" software product for the intrepid malware server operator and 
as malware-as-a-service by the author off his own server.

The announcement for the new version (translated on the Malware Don’t 
Need Coffee weblog from the original Russian, with the help of Google 
Translate), which Threatpost reports was initially posted on the 
underground hacker marketplace site Exploit.ln, promises a number of new 
features to make it harder for antivirus software to detect and defend 
against exploit attacks. One of those is a random URL generation system 
that creates single-use web addresses for attacks that last only as long 
as a specific attack on a target computer. Random URLs are intended to 
prevent antivirus companies or security professionals from using the 
link to download the exploit for analysis.

The user can also designate page names in the URL that are 
human-readable (such as "/news/index.php") to fool browser users into 
believing they’re following a legitimate link. This prevents security 
software from detecting exploits based on the signature of the source 
URL. And BlackHole 2.0 limits which attacks it attempts to launch 
against a target based on detection of which plug-ins are present, 
reducing the possibility that they will trigger an antivirus package 
watching for behaviors.

[...]

Received on Thu Sep 13 2012 - 00:09:40 PDT
