According to a release announcement posted in Russian on Pastebin by
unknown developers, BlackHole Exploit Kit 2.0 has been released with
newer exploits. BlackHole is one of the most dominant exploit toolkits
currently available in the underground market. It enables attackers to
exploit security holes in order to install malicious software on
victims' systems.

The new variant doesn’t rely on PluginDetect to determine the Java
version that’s installed, thus speeding up the malware download process.
Old exploits that were causing browsers to crash and “scary visual
effects” have been removed.

The exploit kit is offered both as a "licensed" software product for the
intrepid malware server operator and as malware-as-a-service by the
author off his own server.

Some interesting claims by the developer about the new version:
- prevent direct download of executable payloads
- only load exploit contents when client is considered vulnerable
- drop use of PluginDetect library (performance justification)
- remove some old exploits (leaving Java atomic & byte, PDF LibTIFF, MDAC)
- change from predictable URL structure (filenames and querystring parameter names)
- update machine stats to include Windows 8 and mobile devices
- better breakdown of plug-in version information
- improved checking of referrer
- block Tor traffic

Finally, a number of “private tricks” have been implemented, which the
author prefers to keep a secret because he fears that competitors and
antivirus companies are “sneaking around.” The developer offers a
one-day rental of capacity on his server for as little as $50, up to a
month-long lease for $500 (with larger fees for traffic over 70,000 web
hits per day).

For those who want to run their
own BlackHole server, licenses start at $700 for a 3-month license
(which includes software support) and range up to $1,500 for a full
year, plus $200 for the multidomain version. For those who want to cover
their tracks, a site clean-up package comes priced at $300.