
Blackhole exploit kit author arrested

By Kirsten Doyle, ITWeb contributor.
Johannesburg, 09 Oct 2013
The arrest will present a huge opportunity for small, agile exploit packs to take over.

The alleged author of the notorious Blackhole exploit kit, who goes by the handle 'Paunch', has been arrested in Russia.

Blackhole has been described by experts as one of the most virulent threats, and was unique in its first version, as it offered a 'rental' business model.

While exploit kits are usually sold outright to individuals to use as they choose, Blackhole offered its customers a rental option, where they only paid to use the hosted exploit kit for a certain period of time.

The arrest was first announced in a tweet by security researcher Maarten Boone, from Dutch firm Fox-IT. It was later confirmed by TechWeek, which spoke to Troels Oerting, head of the European Cybercrime Centre, an arm of Europol, although no details were given.

Major win

Uri Rivner, VP of business development and cyber strategy at BioCatch, says the arrest looks like a major win: "This is the cyber underground equivalent of Microsoft dropping Windows Explorer."

He says Blackhole is massively popular with fraudsters across the globe as it is an inexpensive, easy-to-use, and quite lethal tool that serves as the weapon of choice for infecting computers.

"Fraudsters who currently use Blackhole will soon learn that its performance is quickly degrading. By nature, exploit packs need plenty of ongoing research and support."

He says the author needs to constantly locate and exploit new vulnerabilities in popular Internet browsers and components such as Adobe Flash, Acrobat PDF and Oracle Java, and at the same time make sure anti-malware tools don't discover the infection process. "Additional work is needed for auxiliary services like encryption, documentation and customer support.

"If the author is indeed behind bars, and no one steps in to maintain Blackhole, it will stop being effective," he explains.

This would appear to be the case, as another researcher, who goes by the name Kafeine, told TechWeek that the malicious Java applet used by Blackhole, which used to be updated daily, has not been updated in several days.

However, Rivner says the arrest will also present a huge opportunity for small, agile exploit packs to take over, as Blackhole's customers won't just wait patiently for it to die; they will quickly seek out alternatives.

International effort

Rivner believes that although the arrest was made in Russia, it was probably an international effort. "Often US law enforcement agencies such as the FBI and the Secret Service provide local authorities with the necessary intelligence and forensics required to expose the developer's true identity and collect incriminating evidence."

He adds that Blackhole was likely quite a big operation with a sizeable chain of suppliers, contributors, resellers and so on, which means interrogating the author may lead to further arrests.
