Blackhole Botnet Creator Buys Up Zero Day Exploits

Published: 22/11/2024   Category: security




Crimeware toolkit is apparently so successful that its creator has been given $100,000 to shop for the latest vulnerabilities.



The gang behind the Blackhole crimeware toolkit has earned so much money from renting the malicious software that its creator has been given $100,000 to procure the best Web browser exploits and zero-day flaws.
That finding was first reported by security journalist Brian Krebs, who discovered the information in a post made on an underground, Russian-language cybercrime forum by an associate of Paunch, the creator of Blackhole.
"We are setting aside a $100K budget to purchase browser and browser plug-in vulnerabilities, which are going to be used exclusively by us, without being released to public (not counting the situations, when a vulnerability is made public not because of us)," according to a translation of the post published by Krebs. "Not only do we purchase weaponized (ready) exploits, but also their descriptions and proof of concepts (with subsequent joint work with our specialists)."
The Blackhole toolkit is used to infect legitimate websites with malicious code, after which the infected website can be used to launch drive-by attacks that target browser vulnerabilities and then compromise the underlying PC. From there, attackers can steal login credentials for financial websites, make the PCs serve as spam relays or press the PCs into service as part of a botnet.
Blackhole isn't available to buy. Rather, it can only be rented for about $50 per day, $700 for three months or $1,500 for one year.
Success in the crimeware toolkit market is predicated on selling -- or in the case of Blackhole, renting -- software that successfully infects as many PCs as possible in the shortest possible amount of time. Accordingly, the most successful crimeware creators tend to rapidly add exploits for the latest known vulnerabilities to their software to help their buyers or subscribers compromise more PCs, thus maximizing their potential illicit revenue.
Not surprisingly, the gang behind the Blackhole toolkit regularly updates the software to allow it to exploit the latest zero-day flaws. Last year, for example, an exploit for a Java zero-day vulnerability was added to Blackhole less than 12 hours after the bug was first detailed publicly. The severity of the flaw and its inclusion in a crimeware toolkit -- as well as in the open source Metasploit framework -- led security experts to recommend that Java be deactivated on all PCs, pending a fix from Oracle.
Blackhole's creator, Paunch, last year told Krebs via IM that the one exploit could have been worth $100,000 if sold on the zero-day vulnerability market. As that suggests, Paunch already seemed to have a familiarity with the buying and selling of zero-day vulnerability information.
Evidence that Blackhole has been paying off handsomely for its creators comes not just from Paunch's apparent $100,000 zero-day vulnerability budget, but also from the fact that the Blackhole gang now rents not just the basic version of the crimeware toolkit, but also a $10,000 per month exploit pack called the Cool Exploit Kit, which first began appearing in October 2012. So far, the pricey exploit pack has only been used by two ransomware criminal gangs, according to researchers. In particular, one of the gangs has been launching Reveton malware attacks that lock people's PCs, then demand the user pay a fine, supposedly to the FBI or another government agency. In reality, the money goes into the criminals' coffers.
In the case of Cool, the exploit pack last year included an innovative Windows vulnerability that first appeared in Duqu, according to a French information security researcher known as Kafeine. Duqu was reportedly the product of a U.S. cyber-weapons program, thus illustrating that yesterday's espionage tool quickly becomes the inspiration for today's cybercrime malware.
Indeed, speaking recently by phone, Bit9 CTO Harry Sverdlove warned that one side effect of government-commissioned espionage malware is that it helps criminals rapidly advance the state of the art of their own malicious code. "It raises the bar for everyone -- the techniques, if not the source code," he said.
