The past few months have been busy ones for Blackhole spam attackers. The last time we discussed Blackhole spam runs, we noted that they had returned from their New Year break and were hitting users again. Previously, in September, we reported that a new version of the Blackhole Exploit Kit had been introduced by attackers into the underground. Since September we have observed upgrades and new developments in this area, which this post will cover.
Upgrade to Blackhole Exploit Kit 2.0
Since last September, cybercriminals have stopped using the older 1.x version of the Blackhole Exploit Kit entirely and moved to version 2.0. Most significantly, the URLs no longer contain the eight-character random strings that were a key part of the 1.x version. Those strings made it easier for researchers to discover and monitor the websites connected to various spam runs.
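The eight-character marker described above is the kind of indicator a defender can match on; the following is an added example (not code from the original post or from Trend Micro) that flags URLs carrying such a token. It assumes the token is a path segment or query value of exactly eight lowercase letters and digits containing both, since the post does not state the exact position or alphabet; the sample URLs are constructed, and the check also shows that URLs without the marker, as in 2.0, pass unflagged.

```python
import re
from urllib.parse import urlsplit

# Assumed heuristic: the post only says the 1.x URLs carried an eight-character
# random string. Its exact position and alphabet are not given, so this treats
# any path segment or query value of exactly eight lowercase alphanumerics that
# mixes letters and digits as a candidate marker.
EIGHT_RANDOM = re.compile(r"^(?=.*[a-z])(?=.*[0-9])[a-z0-9]{8}$")


def candidate_tokens(url):
    """Return the path segments and query values of a URL as separate tokens."""
    parts = urlsplit(url)
    tokens = [seg for seg in parts.path.split("/") if seg]
    for pair in parts.query.split("&"):
        if "=" in pair:
            tokens.append(pair.split("=", 1)[1])
    return tokens


def has_eight_char_random_string(url):
    """True if any token of the URL looks like an eight-character random string."""
    return any(EIGHT_RANDOM.match(tok) for tok in candidate_tokens(url))


def flag_urls(urls):
    """Return the subset of URLs that carry the assumed 1.x-style marker."""
    return [u for u in urls if has_eight_char_random_string(u)]


# Constructed sample URLs (not real indicators): two with an eight-character
# mixed token, two ordinary URLs, and one whose eight-letter segment has no digits.
SAMPLE_URLS = [
    "http://example.invalid/a1b2c3d4/index.php",
    "http://example.invalid/main.php?page=8f0e1d2c",
    "http://example.invalid/news/article.html",
    "http://example.invalid/closest/20130102/",
    "http://example.invalid/products/list.html",
]

if __name__ == "__main__":
    for url in flag_urls(SAMPLE_URLS):
        print("flagged:", url)
```

The last two sample URLs show the two ways the heuristic declines a match: an all-digit segment and an all-letter segment, both of which a naive length-eight check would have flagged.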
New vulnerabilities have also been added to the Blackhole Exploit Kit as they have been made “public”. For example, the recent Java zero-day was added to BHEK’s arsenal within days of the vulnerability becoming known to the security industry.
Clearly, these cybercriminals are continuously enhancing this toolkit to evade detection as well as to profit from users. In particular, the Blackhole Exploit Kit has been used to distribute known information-stealing malware such as ZeuS and Cridex variants.
Increased Usage of Different Infection Chains
Read more: http://blog.trendmicro.com/trendlabs-security-intelligence/the-state-of-blackhole-spam/