Malware Hackers Get Dangerously Shifty With Black Hole 2.0

Well here's a bit of a bummer going into the weekend. Apparently the developer responsible for the popular Black Hole exploit kit -- the one that lazy hackers and inexperienced script kiddies are particularly drawn towards -- has released a new version of his nefarious software, with new and improved features designed to evade antivirus scanners. Oh joy.

Black Hole is popular because it's relatively easy to use no matter what the attacker's skill level, and because it's capable of exploiting a number of vulnerabilities. According to security firm Kaspersky, pretty much any backwoods hackabilly can wield Black Hole like a pro and wreak havoc with just a few mouse clicks.

IE Infested

Now is a good time to brush up on your safe computing habits. One of the many new features in Black Hole 2.0 is the ability to use short-term random URLs for delivering exploits.

"Attackers often will compromise legitimate Web sites via SQL injection or some other common method and load their malicious code on the sites and rig it to attack users' browsers with specific exploits as they hit the site," Kaspersky explains. "One problem with this technique from the attacker's point of view is that if the compromised page is detected or removed for some other reason, the attack dies.

"Enter random domain generation. This feature will generate a new, random URL for the attacker's code to live on, sometimes with a shelf life of just a few seconds. This makes detection of malicious pages far more difficult for site owners and security companies."
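The flip side of the short-lived-URL trick described in the quote above is what a defender can still see: a hostname with a random-looking leftmost label that shows up in proxy logs for only a brief window. The following is an added example, not code from the article or from Kaspersky, that runs that check over a few constructed proxy log lines; the log format, thresholds (`min_entropy`, `min_label_len`, `max_lifetime_s`) and hostnames are all assumptions made for the example.

```python
"""Flag short-lived, random-looking hostnames in web proxy logs.

Added example (not from the article or from Kaspersky). Hostnames whose
leftmost label has high character entropy and which appear for only a
short window are surfaced for analyst review. The log lines, the log
format and the thresholds are constructed for this example.
"""
import math
from collections import defaultdict
from datetime import datetime

# Constructed sample proxy log: "<ISO timestamp> <client> <host> <path>",
# assumed to be in chronological order.
SAMPLE_LOG = """\
2012-09-14T10:00:01 10.0.0.5 www.example.com /index.html
2012-09-14T10:00:03 10.0.0.5 cdn.example.com /js/app.js
2012-09-14T10:00:04 10.0.0.5 q8xk2v7m3pz1.example-hosting.net /d/
2012-09-14T10:00:06 10.0.0.5 q8xk2v7m3pz1.example-hosting.net /d/load.php
2012-09-14T10:05:00 10.0.0.7 mail.example.com /inbox
2012-09-14T10:05:02 10.0.0.7 www.example.com /news
2012-09-14T11:30:00 10.0.0.9 a9r4t1w6y2b0.example-hosting.net /x/
"""


def shannon_entropy(s):
    """Shannon entropy of s in bits per character (0.0 for empty input)."""
    if not s:
        return 0.0
    n = len(s)
    counts = defaultdict(int)
    for ch in s:
        counts[ch] += 1
    return -sum((c / n) * math.log2(c / n) for c in counts.values())


def leftmost_label(host):
    """The part of the hostname before the first dot."""
    return host.split(".")[0]


def parse_log(text):
    """Yield (timestamp, client, host, path) tuples from the constructed format."""
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, client, host, path = line.split()
        yield datetime.fromisoformat(ts), client, host, path


def find_suspicious_hosts(text, min_entropy=3.0, min_label_len=10, max_lifetime_s=300):
    """Return hosts whose leftmost label looks random and whose first-to-last
    sighting spans at most max_lifetime_s seconds, sorted by hostname."""
    first_seen, last_seen, hits = {}, {}, defaultdict(int)
    for ts, _client, host, _path in parse_log(text):
        first_seen.setdefault(host, ts)
        last_seen[host] = ts
        hits[host] += 1

    flagged = []
    for host in first_seen:
        label = leftmost_label(host)
        lifetime = (last_seen[host] - first_seen[host]).total_seconds()
        entropy = shannon_entropy(label)
        if (len(label) >= min_label_len
                and entropy >= min_entropy
                and lifetime <= max_lifetime_s):
            flagged.append({
                "host": host,
                "entropy": round(entropy, 3),
                "lifetime_s": lifetime,
                "hits": hits[host],
            })
    return sorted(flagged, key=lambda r: r["host"])


if __name__ == "__main__":
    for rec in find_suspicious_hosts(SAMPLE_LOG):
        print(rec)
```

Treat the output as a triage signal rather than a verdict: content delivery networks and cloud storage buckets also hand out random-looking labels, so in practice you would allowlist known providers and correlate a flagged host with what the client fetched from it next.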


Scary stuff, and it's only one of Black Hole's many new tricks (Protip: Use Sandboxie to run your browser and/or other programs in an isolated environment without the hassle of setting up a virtual machine). The software also casts a wider net by adding more operating systems to the mix, including Windows 8 and a bunch of mobile OSes.

Via: Kaspersky
