http://arstechnica.com/security/2012/09/blackhole-2-0-gives-hackers-stealthier-ways-to-pwn/ By Sean Gallagher Ars Technica Sept 12 2012 A new version of the BlackHole exploit kit is now out on the web and ready to start infecting. The developer of the toolkit, who goes by the handle "Paunch," recently announced the availability of Blackhole 2.0, which removes much of its trove of known and patched exploits, and replaces them with a whole new crop—along with features that will make it harder for antivirus companies and site owners to detect trouble. BlackHole is a widely-used, web-based software package which includes a collection of tools to take advantage of security holes in web browsers to download viruses, botnet trojans, and other forms of nastiness to the computers of unsuspecting victims. The exploit kit is offered both as a "licensed" software product for the intrepid malware server operator and as malware-as-a-service by the author off his own server. The announcement for the new version (translated on the Malware Don’t Need Coffee weblog from the original Russian, with the help of Google Translate), which Threatpost reports, was initially posted on the underground hacker marketplace site Exploit.ln, promises a number of new features to make it harder for antivirus software to detect and defend against exploit attacks. One of those is a random URL generation system that creates single-use web addresses for attacks that last only as long as a specific attack on a target computer. Random URLs are intended to prevent antivirus companies or security professionals from using the link to download the exploit for analysis. The user can also designate page names in the URL that are human-readable (such as "/news/index.php") to fool browser users into believing they’re following a legitimate link. This prevents security software from detecting exploits based on the signature of the source URL. And BlackHole 2.0 limits which attacks it attempts to launch against a target based on detection of which plug-ins are present, reducing the possibility that they will trigger an antivirus package watching for behaviors. [...] -- #HITB2012KUL - The 10TH ANNUAL HITB Security Conference in Malaysia with no keynotes, no labs - just three tracks filled with our most popular speakers from the last decade: http://conference.hitb.org/Received on Thu Sep 13 2012 - 00:09:40 PDT
This archive was generated by hypermail 2.2.0 : Thu Sep 13 2012 - 00:09:38 PDT