Blackhole Exploit Kit - Research Paper Example


Introduction

The Blackhole exploit kit is defined as a framework designed to deliver exploits through third-party or compromised websites (Rajaraman, 2011). Experts in information technology and computer science consider it the most prevalent web threat currently in circulation. The primary purpose of the Blackhole exploit kit is to deliver a malicious payload or exploits to a victim's computer. It is most notable for its sophisticated Traffic Direction Script (TDS), which enables attackers to construct or configure rules that enforce custom responses. It can deliver different malware depending on the operating system and geographical location of the victim, on the time of day, or on other criteria the attacker has specified (Howard, 2012). Typically, a user visits a legitimate but compromised website that has been outfitted with an external reference or iframe pointing to the Blackhole exploit site. Because this call is invisible, malware and exploits are delivered silently while the user browses the legitimate site. The victim is not forcibly redirected, there is no outward sign of the attack, and the user remains on the legitimate website, most likely unaware that malware is loading in the background (International Business, 2012). In order to provide a better understanding of this topic, this paper discusses in more detail what Blackhole exploit kits are and how they work. In recent times, the Blackhole exploit kit has gained wide adoption and is one of the most common exploit frameworks used for the delivery of web-based malware (Ouchn, 2012). This type of crimeware web application was developed by a Russian hacker known as HodLum to take advantage of unpatched vulnerabilities and compromise computers through malicious scripts planted on legitimate but compromised websites.
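The invisible call described above, seen from the site owner's side, as an added example that is not part of the paper: a check over a page's own HTML that flags iframes which are both hidden from view and point off-site, using only the Python standard library. The sample HTML, the host names in it and the helper names are constructed for illustration.

```python
"""Hidden-iframe audit for a site owner's own pages. Added example, not code
from the original paper: it checks HTML for the delivery pattern described,
where a legitimate but compromised page carries an invisible iframe that
silently loads an exploit-kit landing page. Sample HTML and hosts are constructed."""
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# CSS that keeps a frame out of sight while its source still loads.
HIDDEN_STYLE = re.compile(
    r"display\s*:\s*none|visibility\s*:\s*hidden|(?:left|top)\s*:\s*-\d+", re.I)

def _px(value):
    """Parse a width/height attribute ('0', '1px', '100%'); None if not numeric."""
    m = re.match(r"\s*(\d+)", value or "")
    return int(m.group(1)) if m else None

class IframeAuditor(HTMLParser):
    """Record every <iframe> together with the reasons it looks suspicious."""
    def __init__(self, page_host):
        super().__init__()
        self.page_host = page_host.lower()
        self.findings = []  # list of (src, [reasons])

    def handle_starttag(self, tag, attrs):
        if tag != "iframe":
            return
        a = {k.lower(): (v or "") for k, v in attrs}
        reasons = []
        # A 0x0 frame renders nothing, which is exactly what an injected call wants.
        if _px(a.get("width")) == 0 or _px(a.get("height")) == 0:
            reasons.append("zero-size")
        if HIDDEN_STYLE.search(a.get("style", "")):
            reasons.append("hidden-by-css")
        host = (urlparse(a.get("src", "")).hostname or "").lower()
        if host and host != self.page_host:
            reasons.append("external:" + host)
        self.findings.append((a.get("src", ""), reasons))

def suspicious_iframes(html, page_host):
    """Return (src, reasons) for iframes that are both hidden and off-site."""
    auditor = IframeAuditor(page_host)
    auditor.feed(html)
    return [(src, r) for src, r in auditor.findings
            if any(x.startswith("external:") for x in r)
            and any(x in ("zero-size", "hidden-by-css") for x in r)]

# Constructed sample: a visible embed, an injected hidden frame, and a same-site
# frame that is merely positioned off-screen (only the second should be flagged).
SAMPLE_PAGE = """<html><body><h1>Shop news</h1>
<iframe src="https://video.example.org/embed/1" width="560" height="315"></iframe>
<iframe src="http://kit-landing.example.net/in.php?a=7" width="0" height="0"
        style="visibility:hidden"></iframe>
<iframe src="https://shop.example.com/help" style="position:absolute;left:-9999px"></iframe>
</body></html>"""
```

Run `suspicious_iframes(SAMPLE_PAGE, "shop.example.com")` against a page fetched from your own site; a visible third-party embed or a same-site off-screen frame is left alone, so the result is short enough to review by hand.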
The first Blackhole exploit kit appeared on the market in August 2010 (Howard, 2012). Since then, there have been newer releases, as well as a free version of the kit. The Blackhole exploit kits are based on a MySQL and PHP backend and incorporate support for exploiting the most widespread and easily exploited security flaws, with the purpose of giving attackers the highest probability of successful exploitation (Rajaraman, 2011). Typically, these kits target the Windows operating system, as well as applications installed on the Windows platform. The most famous Blackhole exploit kit attack, in April 2011, targeted the website of the United States Postal Service's Rapid Information Bulletin Board System (RIBBS) (Wisniewski, 2012). There are various versions of the Blackhole exploit kit, including v1.0.0, the first version, released in late 2010, and v1.2.2, the most recent, released in February 2012 (Ouchn, 2012). The Blackhole exploit kit is made up of a series of PHP scripts designed to run on a website or web server. These scripts are protected with the commercial ionCube encoder, presumably to prevent other miscreants from stealing the code, which also hinders analysis (International Business, 2012). The Blackhole exploit kit has general characteristics that enable it to deliver exploits through compromised websites. These include configuration options for the usual parameters such as redirect URLs, file paths, query string parameters, passwords and usernames.
Others include blocking/blacklisting features, namely importing blacklisted ranges, maintaining an IP blacklist, hitting any IP only once, and blacklisting by referrer URL; a MySQL backend; targeting of various client vulnerabilities; a management console that provides a statistical summary and breaks down successful infections by country, browser, affiliate/partner, operating system, and exploit; auto-update; and AV scanning add-ons (Howard, 2012). While these characteristics may apply to several other kits, some features are unique to the Blackhole exploit kit. Unlike other kits, which are sold as commodities, Blackhole includes a rental strategy that allows individuals to pay for the use of the hosted exploit kit for a certain duration. Blackhole is not exclusively rental, however, as other licenses are also available (Rajaraman, 2011). Exploit kits often target a range of client vulnerabilities, and Blackhole is no exception; its recent emphasis has been on vulnerabilities in Java, Adobe Flash, and Adobe Reader (International Business, 2012). The dramatic rise in the number of malicious samples in recent years has been attributed mainly to server-side polymorphism (SSP). SSP refers to the situation where the encryption engine is hosted in the web server's scripts, mostly PHP, and is periodically used to rebuild the content. It is therefore perfectly suited to all web-delivered threats. The technique is most effective when applied to files that can easily be generated on each request, such as PDF and HTML, but it can also be used to build polymorphic content for many other types of files. It is worth noting that all exploit kits, including Blackhole, use SSP in an attempt to evade detection (Howard, 2012).
Blackhole has been identified as one of the most persistent threat campaigns ever experienced in the information technology world. The coordinated nature of changes in its code obfuscation has been identified as one of Blackhole's peculiarities (Ouchn, 2012). It is speculated that this peculiarity arises from the centralized control provided by Blackhole's rental model. In contrast to other exploit kits, where attackers buy the kit and host and administer it themselves, updates tend to be deployed very quickly to Blackhole websites. When the threat Blackhole poses is compared against other web threats in the threat statistics, Blackhole features prominently. Of the threats detected, redirects from legitimate sites make up the bulk of the Blackhole exploit kit's share. Blackhole accounts for approximately half of exploit-kit websites, which implies that it is the most dominant kit in the market (Ouchn, 2012). Being the most dominant, how does one mount a defense against this kit? Information technology and computer science experts explain that such a defense can be mounted by making sure that the operating system, browser plugins, and browser in use are up to date (Rajaraman, 2011). Since Blackhole targets vulnerabilities in old versions of browsers such as Safari, Google Chrome, Firefox, and Internet Explorer, and of popular plugins such as Java, Adobe Flash and Adobe Acrobat, it is critical that they are updated frequently. In addition, a defense against the Blackhole exploit kit can be mounted by running a security utility with a good host-based intrusion prevention system (HIPS) and a good antivirus (Howard, 2012). Because polymorphic code is used to generate the Blackhole exploit kit's variants, there is a high probability that antivirus will lag behind the kit's automatically generated new variants.
However, altering the algorithm used to load malware onto victims' computers takes more effort from the criminal(s) developing this type of kit. Apart from forcing such algorithm changes, a good HIPS should be used to defend against new or emerging Blackhole variants that use previously known algorithms (International Business, 2012). Experts in the field of information technology and computer science have been trying to find out why Blackhole has grown to become the most successful and prolific exploit kit in use today. Howard (2012) argues that since the primary goal of exploit kits is to provide a service to persons who want to infect computer users with malware, the kit that best achieves this goal is considered the most successful. Currently, Blackhole is considered the most successful exploit kit. So, what are the key factors that differentiate Blackhole from other exploit kits and make it the most successful? Experts observe that Blackhole delivers in all the aspects that make exploit kits successful. The first aspect is traffic, that is, how much user traffic is redirected to a particular exploit kit. In this respect, Blackhole delivers, as significant volumes of web traffic are redirected to sites hosting it (Ouchn, 2012). This can be attributed to the defacement of large numbers of legitimate websites, as well as to multiple spam campaigns. Blackhole's authors have taken measures to retain control of the exploit kit market by encoding the scripts to prevent others from copying the code and the business model, which includes a rental option that allows individuals to pay for a hosted service (Rajaraman, 2011). Blackhole's content is extremely polymorphic and aggressively obfuscated.
The second aspect that differentiates exploit kits and makes one kit more successful than others is evasion of detection, that is, avoiding being blocked through URL filtering, content detection, and IDS. Blackhole has delivered on this aspect through efforts geared towards evading detection, although some aspects of the kit, such as its query string structure, filenames, and URL paths, have remained static for considerable periods of time (Howard, 2012). The final aspect that differentiates successful exploit kits is the business model. This aspect determines whether an exploit kit is competitive in the market. A kit is considered competitive when it has a sound business model and is competitively priced. For the past 12-18 months, Blackhole has been the most notorious and prevalent of the exploit kits used to infect people's computers with malware (Howard, 2012). Blackhole has used a number of techniques and tricks to position itself against what it sees as competing kits, presently and in the future. Many experts in the information technology industry argue that in the absence of legal intervention against the Blackhole exploit kit, it will continue to be one of the main channels through which users are infected with malicious scripts or malware (Rajaraman, 2011).

Conclusion

In recent years, the number of malware samples has increased significantly because of the use of automation, as well as kits that facilitate its creation and distribution. Blackhole is a type of crimeware that takes advantage of unpatched vulnerabilities to compromise computers through malicious scripts planted on legitimate but compromised websites. As has been noted, the Blackhole exploit kit has general characteristics that could apply equally to other kits. Besides these, it has unique features that make it the most successful exploit kit.
It has delivered in all three aspects that are critical to differentiating between exploit kits, namely traffic, business model, and evasion of detection. While the Blackhole exploit kit is the most successful exploit kit, users can mount defenses against it. These defenses include making sure that the operating system, browser plugins, and browser are up to date, and running a security utility with a good HIPS and a good antivirus.

References

Howard, F. (2012). Exploring the Blackhole Exploit Kit. Retrieved on 23 November from http://nakedsecurity.sophos.com/exploring-the-blackhole-exploit-kit-14/
International Business, T. (2012, August 29). New Java Vulnerability Being Exploited by Blackhole-based Attacks. International Business Times.
Ouchn, N. (2012). BlackHole Exploit Kit 2.0 Released and Updated with New Exploits. Retrieved on 23 November, 2012 from http://www.toolswatch.org/2012/09/blackhole-exploit-kit-2-0-released-updated-with-new-exploits/
Rajaraman, V. (2011). Fundamentals of computers. New Delhi: PHI Learning Private Ltd.
Wisniewski, M. (2012). U.S. Found on Top in Malware Attacks. American Banker, 177(137), 11.