In association with heise online

24 May 2011, 15:14

Professional exploit packs freely available online


Two weeks after the source code for the ZeuS bot found its way onto the web, the barrier to entry for cyber-crime has been lowered further. Persons unknown have circulated the BlackHole and Impassioned exploit frameworks, which take advantage of various security vulnerabilities in Windows to infect systems with malware such as ZeuS.

Threatpost reports that BlackHole is one of the most professional illegal attack tools currently available on the black market. An annual licence usually costs around $1,500, with additional attack modules available for a further fee. The H's associates at heise Security have learnt on underground forums that the developers behind the Impassioned framework charge 4,000 euros for an annual licence.

The version of BlackHole for which the source code has now been published is not the most recent and does not contain the latest exploits. However, because the majority of Windows users do not regularly update the applications installed on their systems, attackers can still do plenty of damage with older toolkits.

Although BlackHole has only been on the market for a short time, it has already been used for large-scale attacks. According to an initial analysis by heise Security, the framework consists primarily of PHP files, the source code for which is protected by the ionCube encoder. According to Threatpost, one peculiarity of BlackHole is the Traffic Direction Script, which allows potential victims to be redirected to different landing pages depending on the browser and operating system used.

Simply downloading these exploit packs is in itself illegal in countries such as Germany. Even in the UK, where one would have to use the software maliciously in order to break the law, it is worth bearing in mind that the software might well contain backdoors and could infect systems on which it is executed.

(crve)

Permalink: http://h-online.com/-1249612
 

