The author of the Blackhole exploit kit will serve seven years in prison

    The author of the Blackhole exploit kit, Dmitry Fedotov, known under the pseudonym Paunch, was sentenced to seven years in prison. The verdict was handed down by the Zamoskvoretsky court of Moscow. In addition to Fedotov, six more cybercriminals appeared in the dock, and all of them received sentences ranging from 5.5 to 8 years. The court estimated the damage from the hackers' actions at 20 million rubles. The cybercriminals worked together: while one of them specialized in hacking legitimate sites, Paunch specialized in developing Blackhole, links to which were placed on the compromised resources.



    A feature of the Blackhole exploit kit was the ability to carry out covert drive-by download attacks using the individual exploits for web browsers and their plug-ins that were built into the kit. Blackhole was one of the most commercially successful cybercriminal projects, and it was also the first such product offered to other cybercriminals for rent for a fee (crimeware-as-a-service).


    Fig. Posted by Blackhole exploit kit.

    Paunch was arrested at the end of 2013, as we wrote in a post on our blog. The well-known Russian company Group-IB participated in the capture of this cybercriminal. After purchasing the crimeware package from the author, an attacker had all the functions for managing the exploit kit at his disposal. The control panel is used to view statistics, upload (“flood”) the necessary files, and control the distributed exploits.


    Fig. Typical Blackhole crimeware dashboard. The operator can see the success statistics of the exploit kit, as well as upload the necessary malware files for “distribution”.

    One of the “highlights” of Blackhole was the inclusion of so-called 0day exploits, which were used in cyber attacks on users. This attack scenario was very dangerous for users, because the vulnerabilities being exploited had not yet been closed by vendors, for example, Microsoft. This significantly increased the likelihood of a successful drive-by download exploit. In the case of an inconspicuous compromise of a well-known website, the profit for attackers was huge.

    According to Group-IB, Blackhole began to gain popularity back in 2010.

    The Blackhole exploit kit found its first customers in the summer of 2010 and gradually gained immense popularity among cybercriminals who wanted to spread malware. To install malware on users' computers, Blackhole exploits vulnerabilities in web browser software components, including so-called 0-day vulnerabilities (vulnerabilities that have not yet been fixed by the software manufacturer). Visitors whose computers had malware installed using Blackhole came mainly from hacked sites and spam emails.

    The rental price of the Blackhole exploit kit on the seller's server was $500 per month, and the rental price of the software itself for installation on one's own server was $700 for three months. Currently, there is information about more than a thousand clients of the offender. It is known that “Paunch” earned about 50 thousand US dollars every month from his illegal activity alone, and his car was a white “Porsche Cayenne”.

    www.group-ib.ru/index.php/7-novosti/1362-group-ib-pomogla-presech-deyatelnost-izvestnogo-khakera-s-psevdonimom-paunch

    ESET antivirus products detect malicious web pages and Blackhole components as JS/Iframe.DE, Java/Exploit.Blacole, SWF/Exploit.Blacole, and also under common detections like HTML/IFrame.
