Due to the recent rise on MDL, and also due to a lot of mail requests for demystifying BH (you know who you are),
here is a post on the latest version of this exploit kit (v1.1.0).
The panel is not ours (MalwareInt); it's just a takeover of a random panel :þ
NB: My friend ScriptKiddieSec has found a Russian 'ReadMe' for BH; you can read it here if you have access.
--
Black Hole - Exploits Kit
Coders: Naron and Paunch
Let's start at the beginning: the login page of BH:
Пароль: password
Язык: Panel language (Russian/English)
Шаблон: Template (default/PDA)
The panel is in PHP/AJAX; stuff can be moved around, it's nicely modular.
'Main' page (Global stats):
Threads:
Files list:
Scan4you detections (using the bad guys' account):
Blacklist, for blocking good guys :þ
Preferences of BH (default language, Scan4You account, stats, etc.):
Thread preference/making:
A thread:
Individual thread statistic:
The infect page (which seems to be just a fake 404 page),
but if you view the source you will find malicious obfuscated JavaScript (iframes which generally lead to various CVEs).
And sometimes with really weird things
picture by Hendrik Adrian (@unixfreaxjp):
These 'Google error' pages, it's not the first time I've met them...
I've already explained some interesting things about Black Hole in the past: Trojan.Ransom (HomoBlocker)
Your antivirus (e.g. Avast?) can probably alert you about this page due to the obfuscated code stepas.js, but nothing will harm you ;)
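For defenders, a triage heuristic for the fake 404 page described above: an error page has little visible text, so a large packed script or an iframe in its source stands out. This is an added example, not code from the kit or from this blog; the sample pages, thresholds and function names are assumptions.

```python
import re
from html.parser import HTMLParser

# Constructed samples (not captured from the kit): same visible 404 text,
# one with a packed script appended. The encoded blob decodes to harmless "A"s.
REAL_404 = ("<html><head><title>404 Not Found</title></head><body>"
            "<h1>Not Found</h1><p>The requested URL was not found on this server.</p>"
            "</body></html>")
FAKE_404 = REAL_404.replace(
    "</body>",
    '<script>var s="' + "%41" * 300 + '";document.write(unescape(s));</script></body>')

ERROR_TEXT = re.compile(r"\b404\b|not found", re.I)
DECODERS = re.compile(r"eval\s*\(|unescape\s*\(|fromCharCode|document\.write", re.I)
LONG_TOKEN = re.compile(r"[A-Za-z0-9%+/=]{200,}")  # assumed threshold


class PageProfile(HTMLParser):
    """Separates visible text from script bodies and counts iframes."""
    def __init__(self):
        super().__init__()
        self.text, self.scripts, self.iframes = [], [], 0
        self._in_script = False

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self._in_script = True
        elif tag == "iframe":
            self.iframes += 1

    def handle_endtag(self, tag):
        if tag == "script":
            self._in_script = False

    def handle_data(self, data):
        (self.scripts if self._in_script else self.text).append(data)


def suspicious_error_page(html):
    """Return the reasons an error-looking page deserves a closer look."""
    page = PageProfile()
    page.feed(html)
    visible, script = " ".join(page.text).strip(), "".join(page.scripts)
    if not ERROR_TEXT.search(visible):
        return []  # heuristic only applies to pages that look like errors
    reasons = []
    if page.iframes:
        reasons.append("iframe on error page")
    if len(script) > 4 * max(len(visible), 1):
        reasons.append("script far larger than visible text")
    if DECODERS.search(script) and LONG_TOKEN.search(script):
        reasons.append("decoder call next to long encoded string")
    return reasons
```

Legitimate error pages sometimes carry analytics scripts, so treat the returned reasons as a prompt for manual review rather than a verdict.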
Related:
Black Hole v1.0.0 Exposed
"Blacklist, for block good guys :þ"
Great idea! xD
Want Blackhole so bad.