Sophos Releases Technical Paper on BlackHole Exploit Kit

Researchers believe that the malicious element has been developed in Russia

By on December 3rd, 2012 10:45 GMT

Sophos Labs Principal Researcher Gabor Szappanos has released an interesting technical paper that details the notorious BlackHole exploit kit.

BlackHole has been around for quite some time now and judging by the fact that we keep seeing new versions, it’s unlikely that cybercriminals will stop using it to distribute malware anytime soon.

The paper details the evolution of BlackHole, its source code, the control panel, encryption and its origins.

According to the researcher, there is a lot of evidence to support the theory that the exploit kit was developed in Russia.

The default time zone of the installation is hardcoded to Europe/Moscow, the default user interface language is Russian, and the date format is set to little-endian, which is different from the one used in the US or China.

Furthermore, the English user interface text is less correct than the Russian text.

The complete technical paper is available here.
BlackHole exploit kit control panel