Blackhole: Today’s malware market leader

Featuring research by SophosLabs

A close inspection of Blackhole reveals just how sophisticated malware authors have become. Blackhole is now the world’s most popular and notorious malware exploit kit. It combines remarkable technical dexterity with a business model that could have come straight from a Harvard Business School MBA case study. And, barring a takedown by law enforcement, security vendors and IT organizations are likely to be battling it for years to come.

An exploit kit is a pre-packaged software tool that can be used on a malicious web server to sneak malware onto your computers without you realizing it. By identifying and making use of vulnerabilities (bugs or security holes) in software running on your computer, an exploit kit can automatically pull off what’s called a drive-by install. This is where the content of a web page tricks software—such as your browser, PDF reader or other online content viewer—into downloading and running malware silently, without producing any of the warnings or dialogs you would usually expect. Like other exploit kits, Blackhole can be used to deliver a wide variety of payloads. Its authors profit by delivering payloads for others, and they have delivered everything from fake antivirus and ransomware to Zeus and the infamous TDSS and ZeroAccess rootkits. Blackhole can attack Windows, OS X, and Linux. It is an equal opportunity victimizer.
