Sunday 11 September 2011

Blackhole exploit kit v1.2.0

MDL noticed Blackhole kit's obfuscation and url parameters have been changed

I don't know if a new version was released or what but i've just found a version '1.2.0'
With black market advertisings on the header (i don't remember seeing that on the 1.1.0 version)

Here there is a Start/pause button

I've looked for files info, PHP files was made the 30 Aug.
And all files was ioncubed as usual on the kit, so i believe this is a real new version by Paunch (coder of BH).
Edit: update confirmed, 1.2.0 is out since the beginning of September.


  1. Whats the CVE for the flash exploit? do you have a sample?

  2. No idea of the cve here are the hash of swf files i've found inside
    just send me a mail if you want them.