Blackhole Exploit Kit Dominate the Web Threats

Some online advertising companies are doing an organized way in placing their banners, there is a whole marketing team that will contact website owner to ask for placing a banner by just installing a certain plugin. This has been a very good way to manage their online marketing and what they are displaying on that space.

Black Hole Exploit Kit authors are now following this innovative and organized technique to spread their malware. Security expert Brian Krebs has posted a detailed analyzes about this case.


[1] Screenshot Blackhole exploit pack Admin panel


“A perfect example of crimevertising 2.0 is the interface for the Blackhole Exploit Kit, crimeware that makes it simple for just about anyone to build a botnet. The business end of this kit is stitched into hacked or malicious Web sites, and visitors with outdated browser plugins get redirected to sites that serve malware of the miscreant’s choosing. Blackhole users can monitor new victims and the success rates of the compromised sites using a browser-based administrative panel.” [1]

According to Brian article Blackhole exploit pack owners may sell the ad space with period control so they may specify starting and ending date with the auto update interval. Price of one month ad is about 700$ and you can place it anywhere.

On the other hand M86Lab have just released report about their finding on the second half of 2011 where they detected that 95.1% of malicious website are hosting BlackHole kit exploit with different versions but the 1.0.3 is the widely used by more than  60%.

To protect yourself against any threat I recommend following NSA “Best Practices for Keeping Your Home Network Secure”.



Notify of
Newest Most Voted
Inline Feedbacks
View all comments

[…] the required patch, this made most Mac OSX users open to this kind of malware and especially that a Blackhole exploit kit version is exploiting this […]


Haha…The Autoupdate interval is for the Statistiques that are below, as well as the Start and End Date. Nothing to deal with the Banner.

Krebs is not talking about the Blackhole Exploit Kit Owner but the one that created it and sell it to its customers (the Owners…)


The admin kit is also serving for selling ad space not only states…


[…] domain is hosting BlackHole v2.0 exploit kit which is a Trojan that allows attacker to run payloads on victim computer and make the infected […]