StudentShare
Contact Us
Sign In / Sign Up for FREE
Search
Go to advanced search...
Free

Blackhole Exploit Kit - What They Are and How They Work - Case Study Example

Cite this document
Summary
The paper "Blackhole Exploit Kit - What They Are and How They Work"  indicates Blackhole exploit general and unique traits. It has delivered in all the three aspects of exploit kits critical to differentiating between exploit kits including traffic, business model, and evasion of detection…
Download full paper File format: .doc, available for editing
GRAB THE BEST PAPER98.8% of users find it useful
Blackhole Exploit Kit - What They Are and How They Work
Read Text Preview

Extract of sample "Blackhole Exploit Kit - What They Are and How They Work"

Blackhole Exploit Kit Introduction The Blackhole exploit kit is defined as the framework designed to deliver exploits through third party or compromised websites (Rajaraman, 2011). Experts in information technology and computer sciences consider it as the web threat that is currently the most prevalent. The primary purpose of the Blackhole exploit kit is aimed at delivering a malicious payload or exploits to the computer of a victim. It is most notable for its sophisticated Traffic Direction Script (TDS), which enables attackers to construct or configure rules that enforce custom responses. It can deliver various malware depending on the operating system and geographical location of the victim, or depending on the time of day or other criteria that the attacker has identified (Howard, 2012). Often, a user would visit a compromised though legitimate website that had been outfitted with an external or iframe reference that point to the Blackhole exploit site. Because of this invisible call, malware and exploits would be delivered silently while the user is browsing on a legitimate but compromised website. The victim would not be redirected forcibly as there would be no external sign and the user is likely to remain on the legitimate website and it is likely that he or she would be unaware that malware is loading in the background (International Business, 2012). In order to have a better understanding of this topic, this paper will discuss in more details what Blackhole exploit kits are and how they work. In recent times, the Blackhole exploit kit has gained wide adoption and it is one of the most common exploit frameworks that are used for delivery of web-based malware (Ouchn, 2012). This type of crimeware Web application was developed by a Russian hacker known as HodLum to take advantage of exploits that are unpatched to hack computers through malicious scripts that are planted on legitimate but compromised websites. The first Blackhole exploit kit appeared in the market in August 2010 (Howard, 2012). Since then, there have been newer releases, as well as a free version of the kit. The Blackhole exploit kits are based on a MySQL and PHP backend, and incorporate support for exploiting the most vulnerable and widely used security flaws with the purpose of providing hackers with the highest successful exploitation probability (Rajaraman, 2011). Typically, these kits target the Windows operating system version, as well as applications that have been installed on Windows platform. The most famous Blackhole exploit kit attack was in April 2011 that targeted the website of the United States Postal service’s Rapid Information Bulletin Board System (RIBBS) (Wisniewski, 2012). There are various versions of the Blackhole exploit kit including v1.2.2, which was released in February of the year 2012, and it is the most recent version and v1.0.0 version, which was released in late 2010 and was the first version (Ouchn, 2012). The Blackhole exploit kit is made up of various PHP scripts series that are designed to run on a website or a web server. These scripts are protected using the commercial ionCube encoder presumably to prevent other miscreants against stealing their code and therefore hindering analysis (International Business, 2012). The Blackhole exploit kit has general characteristics that enable them to deliver exploits through compromised websites. These characteristics include configuration options for the usual parameters such as redirect URLs, file paths, querystring parameters, passwords and usernames. Others include blocking/blacklisting characteristics including import blacklisted ranges, maintain IP blacklist, only hit any IP once, and blacklist by referrer URL; MySQL backend; targets various client vulnerabilities; management console that provides statistical summary and break down successful infections including country, browser, affiliate/partner, operating system, and exploit; auto update; and AV scanning add-ons (Howard, 2012). While these characteristics may apply to other several kits, some features are unique to Blackhole exploit kit. Unlike other exploits that are commodities that can be sold, Blackhole includes rental strategy that allows individuals to pay for the use of the hosted exploit kit for certain duration of time. In fact, Blackhole exploit kit is not exclusively rental as there are other licenses that are also available (Rajaraman, 2011). Exploit kits often target a range of client vulnerabilities and Blackhole exploit kit is no exception. Like most exploit kits, Blackhole targets a range of vulnerabilities of certain clients. The recent emphasis on vulnerabilities by Blackhole has been in Java, Adobe Flash, and Adobe Reader (International Business, 2012). The dramatic rise in the number of malicious samples in recent years has been attributed mainly to server-side polymorphism (SSP) functionality. SSP functionality is defined as the situation where the encryption engine is hosted on the web server’s scripts, mostly PHP, and is periodically used in rebuilding the content. Therefore, it is suited perfectly to all threats that are web-delivered. The technique is most effective when used to files that can easily be generated upon each request such as PDF and HTML, but can also be used in building polymorphic content for many types of files. It is worth noting that all exploit kits including Blackhole use SSP functionality in trying to evade detection (Howard, 2012). Blackhole has been identified as one of the most persistent threat campaigns that have ever been experienced in the information technology world. Coordinated nature of changes in code obfuscation has been identified as one of the Blackhole’s peculiarities (Ouchn, 2012). It is speculated that this peculiarity arise because of the centralized control that is provided by Blackhole’s rental mode. Contrary to the experience of other exploit kits where attackers buy the kit and administer or host themselves, updates tend to be deployed very fast to Blackhole websites. When comparing the threat that Blackhole pose against other web threats in the threat statistics, Blackhole features prominently. Of the threats detected, redirects from legitimate sites makes up the bulk in Blackhole exploit kit. Blackhole dominates approximately have of the exploits websites thereby implying that it is the most dominant in the market (Ouchn, 2012). Being the most dominant, how does one mount defense against this kit? Information technology and computer science experts explain that such kind of defense can be mounted by making sure that the operating system, browser plugins, and browser in use are up to date (Rajaraman, 2011). Since the Blackhole targets vulnerabilities in old versions of browsers like Safari, Google Chrome, Firefox, and Internet Explorer, and popular plugins like Java, Adobe Flash and Adobe Acrobat, it is critical that they are updated frequently. In addition, a defense against the Blackhole exploit kit can be mounted by running a security utility with good host-based intrusion prevention system and a good antivirus (Howard, 2012). As a result of the polymorphic code that is used to generate the Blackhole exploit kit’s variants, there is high possibility that antivirus will lag behind the new variants of the kit that are automated. However, altering the algorithm applied in loading malware onto computers of victims will take more effort from the criminal(s) who is developing this type of kit. Apart from changing the algorithm as a measure of mounting defense against this kit, good HIPS should be used to defend against emerging or new Blackhole’s variants that use algorithms that were previously known (International Business, 2012). Experts in the field of information technology and computer science have been trying to find out why Blackhole has grown to become the most successful and prolific exploit kit used in today’s world. Howard (2012) argues that since the primary goal of exploit kits is to provide service for persons who want to infect computer users with malware, the kit that best achieves this goal is considered the most successful. Currently, Blackhole is considered as the most successful exploit kit. So, what are the key factors that are differentiating Blackhole from other exploit kits and make it the most successful? Experts observe that Blackhole delivers in all the aspects that make exploit kits successful. The first aspect is traffic, that is, how much user traffic is redirected to a particular exploit kit. In this respect, Blackhole delivers as it has significant volumes of web traffic being redirected to sites that are hosting it (Ouchn, 2012). This can be attributed to the defacement of large numbers of website that are legitimate, as well as to multiple spam campaigns. Blackhole exploit kit’s authors have taken measures to retain control in exploit kit market by encoding the scripts in order to prevent others from copying the business model and code including a rental option that allows individuals to pay for hosting a service (Rajaraman, 2011). Blackhole’s content is extremely polymorphic and aggressively obfuscated. The second aspect that differentiates between exploit kits and makes one kit more successful compared to others is evasion of detection that entails blocking of a kit through content URL filtering which ensures that content detection and IDS fail. Blackhole has delivered this aspect by taking efforts geared towards evading detection although some aspects of the kit such as its query string structure, filenames, and URL paths have remained stagnant over considerable duration of time (Howard, 2012). The final aspect that differentiates successful exploit kits is that of business model. This aspect determines whether an exploit kit is competitive in the market. A kit that is considered competitive is that which has a sound business model and is competitively priced. For the past 12-18 months, Blackhole has been the most notorious and prevalent of the exploit kits that are used to infect people’s computers with malware (Howard, 2012). Blackhole has used some techniques and tricks to shape what it sees as competing kits presently an in the future. Many experts in the information technology industry argue that in the absence of legal intervention against the Blackhole exploit kit, it will continue to be one of the main through which users are infected with malicious scripts or malware (Rajaraman, 2011). Conclusion In recent years, the number of malware has increased significantly because of the use of automation, as well as kits to facilitate its distribution and creation. It is type of crimeware that takes advantage of exploits that are unpatched with the view of hacking computers through malicious scripts that are planted on legitimate but compromised websites. As has been noted, Blackhole exploit has general characteristics that could apply equally to other kits. Besides, it has unique features that make it to be the most successful exploit kits. It has delivered in all the three aspects of exploit kits that are critical to differentiating between exploit kits including traffic, business model, and evasion of detection. While Blackhole exploit kit is the most successful exploit kit, users can mount defenses against it. The defenses include making sure that operating system, browser’s plugins, and browsers are up to date, and by running security utility with good HIPS and good antivirus. References Howard, F. (2012). Exploring the Blackhole Exploit Kit. Retrieved on 23 November from http://nakedsecurity.sophos.com/exploring-the-blackhole-exploit-kit-14/ International Business, T. (2012, August 29). New Java Vulnerability Being Exploited by Blackhole-based Attacks. International Business Times. Ouchn, N. (2012). BlackHole Exploit Kit 2.0 Released and Updated with New Exploits. Retrieved on 23 November, 2012 from http://www.toolswatch.org/2012/09/blackhole-exploit-kit-2-0-released-updated-with-new-exploits/ Rajaraman, V. (2011). Fundamentals of computers. New Delhi: PHI Learning Private Ltd. Wisniewski, M. (2012). U.S. Found on Top in Malware Attacks. American Banker, 177(137), 11. Read More
Tags
Cite this document
  • APA
  • MLA
  • CHICAGO
(Blackhole Exploit Kit - What They Are and How They Work Case Study Example | Topics and Well Written Essays - 1750 words - 1, n.d.)
Blackhole Exploit Kit - What They Are and How They Work Case Study Example | Topics and Well Written Essays - 1750 words - 1. https://studentshare.org/information-technology/1786157-blackhole-exploit-kit-what-are-they-and-how-do-they-work
(Blackhole Exploit Kit - What They Are and How They Work Case Study Example | Topics and Well Written Essays - 1750 Words - 1)
Blackhole Exploit Kit - What They Are and How They Work Case Study Example | Topics and Well Written Essays - 1750 Words - 1. https://studentshare.org/information-technology/1786157-blackhole-exploit-kit-what-are-they-and-how-do-they-work.
“Blackhole Exploit Kit - What They Are and How They Work Case Study Example | Topics and Well Written Essays - 1750 Words - 1”. https://studentshare.org/information-technology/1786157-blackhole-exploit-kit-what-are-they-and-how-do-they-work.
  • Cited: 0 times

CHECK THESE SAMPLES OF Blackhole Exploit Kit - What They Are and How They Work

Refrigerator, how does it work

Running head: REFRIGERATOR, HOW IT work 31st October 2013 Introduction One of the best technologies that human being has invented for food storage is the refrigerator.... This paper keenly discusses how refrigerator works as well as its history and associated design processes....
3 Pages (750 words) Research Paper

How Nerves Work

The researcher of this paper aims to show how the nerves in our body work.... … The paper "How Nerves work" gives the detailed information about the whole work of human nerve system.... You must be wondering how electricity is generated in the cells.... After this for a while the channels wont open , no matter what the stimulation....
3 Pages (750 words) Essay

How does the economy of Iceland work

The existence of both capitalistic and socialistic ideologies in How does the economy of Iceland work?... The paper will explore how the economy works towards its sustainability. One of the… The country's economy is social based with a mixture of socialism, capitalism, and free market frameworks.... The paper will explore how the economy works towards its sustainability.... ne of the characteristic features of the Iceland's economy and an indication of how it works is its mixed market system....
2 Pages (500 words) Essay

Explain the difference between a security vulnerability and an exploit

what is a Security Exploit?... om/what-is-real-exploits.... Hence, a vulnerability is a weak spot in a system that implies a danger, particularly… A lone vulnerability can be targeted by hundreds or thousands of dissimilar exploits. An exploit refers to an assault program developed by spiteful hackers to utilize a vulnerability, usually for the reason of running random code on a specified Running head: Security Vulnerability and an exploit The Difference between Security Vulnerability and an exploit Insert Insert Grade Insert Tutor's Name30 June 2012A security vulnerability refers to a fault in a computer function, operating system, or practice that can be utilized to make application to function in a manner not intended by its designers....
2 Pages (500 words) Essay

How business work

They learn how innovative measures can considerably increase productivity and grow.... SBDC encourages students and entrepreneurs to exploit personal competencies through innovative ideas and business plans that can be successfully implemented.... SBDC or Small Business Development Center is major facilitator that enables entrepreneurs to start their own business and helps… The major advantages of working with SBDC are its free consultancy, financial analysis to understand changing business dynamics and help develop plan to establish new businesses....
1 Pages (250 words) Assignment

How Does the Brain Work

A single stimulus is determined by the brain evaluating the activity How does the brain work?... Works citedHow does the brain work?... Since the human brain does not see everything around it and the fact that the entire world around the human brain is full of stimuli, relativity is used to construct pictures of how things are like.... On the contrary, the brain responds to the most neurons that respond to one stimulus and then makes creates the picture of how things are....
1 Pages (250 words) Essay

What Is Karma and How Does It Work

In the essay “What Is Karma and how Does It Work?... What is karma and how does it work?... Imagine how great it would be if all our actions and thoughts would influence our karma and then our lives.... Imagine how great it would be if all our actions and thoughts would influence our karma and then our life.... Let's have a look at how it works in real life.... what goes around comes around....
2 Pages (500 words) Essay

Art as a Form of Creative Work in Society

rt has an immense value in expressing the social beliefs of a certain class and how they look at other classes.... This can make people more alerted about the atrocities of the wealthy class and how low-class people are exploited.... This essay "Art as a Form of Creative work in Society" presents art that is a form of creative work which emphasize on social issue and aspects happening in society....
5 Pages (1250 words) Essay
sponsored ads
We use cookies to create the best experience for you. Keep on browsing if you are OK with that, or find out how to manage cookies.
Contact Us