Sunday, 26 June 2011
An overview of Blackhole exploit kit v1.1.0
Due to the recent rise on MDL, and also due to a lot of mail requests to demystify BH (you know who you are),
here is a post on the latest version of this exploit kit (v1.1.0).
The panel is not ours (MalwareInt); it's just a takeover of a random panel :þ
NB: My friend ScriptKiddieSec has found a Russian 'ReadMe' of BH; you can read it here if you have access.
Black Hole - Exploits Kit
Coders: Naron and Paunch
Let's start at the beginning: the login page of BH:
Язык: Panel language (Russian/English)
Шаблон: Template (default/PDA)
The panel is in PHP/AJAX; stuff can be moved around, it's nicely modular.
'Main' page (Global stats):
Scan4you detections (using the bad guys account):
Blacklist, for blocking the good guys :þ
Preferences of BH (default language, Scan4You account, stats, etc.):
Individual thread statistics:
The infect page (which seems to be just a fake 404 page):
And sometimes with really weird things
picture by Hendrik Adrian (@unixfreaxjp):
These 'Google error' pages: it's not the first time I've met them...
I've already explained some interesting things about Black Hole in the past: Trojan.Ransom (HomoBlocker)
Your antivirus (e.g. Avast?) can probably alert you about this page due to the obfuscated code stepas.js, but nothing will harm you ;)
Black Hole v1.0.0 Exposed