A Closer Look at Blackhole Malware Attacks

The amount of malware has skyrocketed over the past several years. This is primarily due to an increase in automation and easily available exploit kits. One of the most commonly used pieces of criminal malware is the blackhole exploit kit. This type of kit can be used in a variety of different ways, which makes it important for users to understand exactly what it is and what Internet security risks it presents.

What is an Exploit Kit?

An exploit kit is any tool used by hackers and attackers to quickly get their dangerous software installed on the target’s device. It accomplishes this by taking advantage of known security vulnerabilities to deliver malicious payloads. There are a variety of different types of exploit kits, which can be tied to all types of Internet security threats.

How Prevalent is the Blackhole Exploit Kit?

During the first half of 2012, nearly 30% of all detected Internet security threats were tied to blackhole kits. The most common way to spread blackhole exploit kits is the drive-by redirect strategy, where users are redirected to malicious websites. In total, there are two primary ways hackers expose users to blackhole exploit kits.

· Compromised Legitimate Websites

The most common way hackers spread exploit kits is by compromising legitimate websites and servers to serve the code for them. Any time a user lands on an infected page, the Internet security threat silently loads content from the blackhole exploit website. In most cases, the redirects do not link directly to the exploit site, but rather to a remote server which then loads the exploit site.

· Spam

Spam has long been one of the largest Internet security threats because it can be used to spread all types of malicious software, including blackhole exploit kits. In the past, spam was relegated primarily to e-mail; however, social media has also become a popular platform for hackers to spread spam and other Internet security threats.

How Does a User Become Infected By a Blackhole Exploit Kit?

Once a user lands on a compromised or infected webpage, the user’s Internet browser loads the exploit kit from the landing page. First, the landing page fingerprints the user’s device to identify what software is being run. This includes the operating system, Internet browser, Flash, and Java. It then loads the relevant blackhole exploit kit components.

What Happens Once the Blackhole Exploit Kit is Loaded?

The first element of blackhole malware is obfuscated JavaScript that exists on the webpages of compromised sites. The second element is the actual program which identifies weaknesses in the Internet security defenses of the user’s device. The final element loads specific code based upon the weaknesses discovered.
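
As an added example (not part of the original article), a site owner can check their own pages for the two artifacts described above: a hidden frame that silently loads content from another host, and packed inline JavaScript. The heuristics, the threshold, the function names and the sample page are assumptions made for this example.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse
# Heuristics below are assumptions for this example, not signatures of any specific kit.
DECODERS = re.compile(r"\b(eval|unescape|fromCharCode|document\.write)\b")
LONG_TOKEN = 150  # an unbroken run this long in inline script suggests packed data

def tiny(value):  # True for a 0 or 1 pixel width/height attribute
    return (value or "").lower().rstrip("px") in ("0", "1")

class InjectionScanner(HTMLParser):
    def __init__(self, site_host):
        super().__init__()
        self.site_host, self.findings, self.script = site_host, [], None

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "iframe":
            host = urlparse(a.get("src") or "").hostname
            style = (a.get("style") or "").replace(" ", "").lower()
            hidden = (tiny(a.get("width")) or tiny(a.get("height"))
                      or "display:none" in style or "visibility:hidden" in style)
            if host and host != self.site_host and hidden:
                self.findings.append(("hidden-offsite-iframe", host))
        elif tag == "script" and not a.get("src"):
            self.script = []  # start collecting an inline script body

    def handle_data(self, data):
        if self.script is not None:
            self.script.append(data)

    def handle_endtag(self, tag):
        if tag == "script" and self.script is not None:
            body, self.script = "".join(self.script), None
            calls = sorted(set(DECODERS.findall(body)))
            longest = max((len(t) for t in body.split()), default=0)
            if calls and longest > LONG_TOKEN:
                self.findings.append(("obfuscated-inline-script", ",".join(calls)))

def scan(html, site_host):
    scanner = InjectionScanner(site_host)
    scanner.feed(html)
    scanner.close()
    return scanner.findings

# Constructed sample page: two benign elements, two injected ones.
SAMPLE = ('<h1>Shop</h1><script>var nav = document.getElementById("nav");</script>'
          '<iframe src="https://video.example.org/embed/1" width="560" height="315"></iframe>'
          '<iframe src="http://gate.example.net/in.php" width="1" height="1"></iframe>'
          '<script>var s="' + "%69%66" * 40 + '";eval(unescape(s));</script>')
```

Calling `scan(SAMPLE, "www.example.com")` reports the 1x1 off-site frame and the packed script while leaving the visible video embed and the ordinary inline script alone; a finding is a prompt to compare the page against its known-good copy, not proof of compromise.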

How to Protect Devices from Blackhole Exploit Kits?

Internet security experts have identified several technologies which can effectively protect devices against this type of exploit attack. They include spam filters, web filters, and patching/updating software to overcome known security vulnerabilities. Malware of all types is particularly pervasive online and should be considered a primary Internet security threat. Only by taking the necessary Internet security protection steps can a device be truly secure. Help secure your browsing by using a VPN.