Blackhole 2.0 used as bait to attract cybercriminals

According to Symantec, this is the first time the name of a popular exploit kit has been used to attract cybercriminals.

Symantec says it has discovered a website hosting what is advertised as version 2.0 of the forthcoming Blackhole Exploit Kit. There's an interesting twist to this story: According to the vendor, the site uses Blackhole 2.0 as bait to lure cybercriminals to the page in hopes they'll stick around and read advertisements.

"This method is not new; spammers often use names of famous people and products or the latest news events to try to lure users into reading their spam emails," a Symantec spokesman told me by email. "But this is the first time we have seen a popular exploit kit name used in this way that could attract cyber criminals."

The website offers a service for registering domain names, one for server hosting, and another for encrypting JavaScript and iframes. Altogether these services could offer cybercriminals a complete infrastructure for hosting cybercrime operations. "Clearly the intended audience for this page are cybercriminals interested in using an exploit kit and would need an infrastructure for hosting," the spokesman said.

A full analysis is available in the Symantec Security Response blog.

Recommended
Join the discussion
Be the first to comment on this article. Our Commenting Policies