It appears that the creator of the popular Blackhole malware toolkit was arrested in Russia yesterday. Word of the arrest began to leak yesterday morning, but details were sketchy. First, a cryptic tweet from a Dutch security investigator broke the news. Then a former Russian police detective in contact with Russia’s federal government told Reuters that the suspect, known in hacking circles as “Paunch,” had been arrested; he provided no details. Others then noticed that the kit’s malicious Java applet had not been updated (it is typically updated once or twice a day) and that crypt.am, the encryption service used to encrypt the kit, had been offline for a few days. Later, Europol confirmed the arrest of a “high-level suspected cyber-criminal”.
According to Ziff Davis,
“The software kit is focused on ‘drive-by’ download attacks, and allows cybercriminals to inject malware onto a personal computer by redirecting users through phishing emails or visiting compromised websites. Once a user visits a malicious page, a payload is forwarded on to the system, where vulnerabilities in software are scanned for and exploited. Once flaws are found, malicious software can be downloaded onto a PC without the user’s knowledge, including malware and trojans. The kit consists of a series of PHP scripts designed to run on a web server, and the scripts are all protected with the commercial ionCube encoder. Blackhole targets a range of client vulnerabilities, with recent emphasis on flaws in Adobe Reader, Flash and Java. Hackers can rent Blackhole for different periods of time, with an annual license costing $1500. The exploit kit was first released in late 2010, and the latest version, Blackhole 2.0, was released in 2012, taking advantage of modern vulnerabilities in commonly used software.”
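The drive-by chain the quote describes (a redirect from a compromised site to the kit’s PHP landing page, which then serves Java, PDF or Flash exploit content) leaves a recognisable footprint in web proxy logs. The following is an added example, not code from the article or from any vendor: a Python heuristic over constructed proxy log lines that flags a client reaching an HTML page on one host from a referer on a different host and then fetching exploit-carrier content from that new host within a short window; the hostnames, addresses and log format are all made up.

```python
from collections import defaultdict
from datetime import datetime
from urllib.parse import urlparse

# Constructed sample proxy log (made up for this example): timestamp client method url referer content-type
SAMPLE_LOG = """\
2013-10-08T09:00:01 10.0.0.5 GET http://news.example.org/index.html - text/html
2013-10-08T09:00:02 10.0.0.5 GET http://cdn.example.net/main.css http://news.example.org/index.html text/css
2013-10-08T09:00:03 10.0.0.5 GET http://landing.example.biz/main.php?page=3a2f http://news.example.org/index.html text/html
2013-10-08T09:00:05 10.0.0.5 GET http://landing.example.biz/rwqe.jar http://landing.example.biz/main.php?page=3a2f application/java-archive
2013-10-08T09:00:06 10.0.0.5 GET http://landing.example.biz/x.pdf http://landing.example.biz/main.php?page=3a2f application/pdf
2013-10-08T09:05:00 10.0.0.7 GET http://intranet.example.com/app/login.php - text/html
2013-10-08T09:05:04 10.0.0.7 GET http://intranet.example.com/doc/guide.pdf http://intranet.example.com/app/login.php application/pdf
"""

# Content types the kit uses to carry its Java, Reader and Flash exploits
EXPLOIT_CARRIER_TYPES = {"application/java-archive", "application/pdf", "application/x-shockwave-flash"}

def parse_line(line):
    ts, client, method, url, referer, ctype = line.split()
    return {"ts": datetime.fromisoformat(ts), "client": client, "url": url,
            "referer": None if referer == "-" else referer, "ctype": ctype}

def find_driveby_chains(log_text, window_seconds=30):
    """Return suspected redirect -> landing page -> exploit-carrier chains per client."""
    events = [parse_line(l) for l in log_text.splitlines() if l.strip()]
    by_client = defaultdict(list)
    for e in events:
        by_client[e["client"]].append(e)
    findings = []
    for client, evs in by_client.items():
        for i, land in enumerate(evs):
            host = urlparse(land["url"]).hostname
            ref_host = urlparse(land["referer"]).hostname if land["referer"] else None
            # Stage 1: an HTML page on host A reached from an unrelated host B (the redirect hop)
            if land["ctype"] != "text/html" or ref_host is None or ref_host == host:
                continue
            # Stage 2: shortly afterwards the same client pulls exploit-carrier content from host A
            payloads = [e["url"] for e in evs[i + 1:]
                        if (e["ts"] - land["ts"]).total_seconds() <= window_seconds
                        and urlparse(e["url"]).hostname == host
                        and e["ctype"] in EXPLOIT_CARRIER_TYPES]
            if payloads:
                findings.append({"client": client, "referer_host": ref_host,
                                 "landing": land["url"], "payloads": payloads})
    return findings
```

The second client's intranet PDF download is not flagged because the login page has no cross-host referer, which is what separates a normal document fetch from the redirect chain.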
Russia has one of the largest pools of talented hackers and an advanced underground economy that unites customers and programmers with those who control networks of compromised computers and can install new malicious programs at will. As with the recent wave of Tor-related arrests, more arrests of malware authors are believed to be coming soon. Other popular malware toolkits include Cool, Styx, SweetOrange, Whitehole, SofusFO, Bleeding Life, Newsploit, Neutrino, Glazunov, and Nuclear.