Although most security programs do an adequate job of protecting computers from known threats, cybercriminals around the world are hard at work developing new malware and viruses to disrupt people’s lives and steal their information. Every day, new malware, and new means of spreading it, appears online, and in many cases these new threats are the result of the Blackhole exploit kit.
What Is the Blackhole Exploit?
Believed to have been originally developed in Russia, the Blackhole exploit kit is one of the most prevalent Web threats in the world. By some estimates, nearly 90 percent of all threats are related to Blackhole. Essentially, the kit delivers malicious code to your computer: code that exploits any security vulnerabilities that may be present and delivers data to the criminals.
When a criminal wants to access personal data from computers, for example, he leases the Blackhole exploit kit from its authors. One of the most notable facets of the program is that the authors control it carefully: users cannot buy the kit and instead only have access to a limited-time license. Once the criminal has the kit, he can customize it to his own specifications and then load that code onto a website or into an email.
The code then spreads via email, social media or search engine results. When an unsuspecting victim clicks on a link in a message, or visits the website, the Blackhole exploit scans the computer for vulnerabilities and loads malware to which the computer is vulnerable. The kit then notifies the criminal which payloads (malware or viruses) were loaded, and he collects the information he was after.
Protecting Against Blackholes
Antivirus software can help protect you against attacks from older versions of Blackhole exploits, but because criminals are constantly adjusting the parameters of the malicious code and launching new websites or redirects, antivirus programs often lag behind. For that reason, consider using an intrusion protection system to block such harmful programs; this is especially important for organizations that have multiple endpoints and users accessing the network from remote locations. When a Blackhole gains access to one computer on a network, in most cases it’s not long before every computer and device on the network is also infected, potentially giving criminals unfettered access to sensitive data.
Another important step in protecting against Blackhole threats is staying on top of updates. If your operating system, browser and browser plug-ins are out of date, there’s a greater chance a Blackhole kit will find a vulnerability to exploit. Older versions of all Internet browsers (including Chrome, Firefox and Safari), as well as plug-ins like Adobe Flash and Reader and Java, are all vulnerable to Blackhole exploits.
Using a Web reputation service can also help protect against these threats. Web reputation services rate websites on a defined set of criteria; certain factors, such as the Web host, the length of time the site has been active, the IP addresses on the site and suspicious activity or code, will produce a low score, and a site with a low score is blocked from access. Combined with antivirus and intrusion protection, Web reputation management can help protect your machine and data.
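The scoring idea described above can be sketched in a few lines of Python. This is an added example, not code from any reputation service: the weights, the 30-day age cutoff, the block threshold, the field names and the sample sites are all assumptions chosen for illustration.

```python
from dataclasses import dataclass
from datetime import date

# Assumed values: real services use their own criteria and weights.
BLOCK_THRESHOLD = 50

@dataclass
class SiteFacts:
    url: str
    host_flagged: bool      # the Web host has a poor track record
    first_seen: date        # when the site first became active
    ips: tuple              # IP addresses associated with the site
    suspicious_code: bool   # suspicious activity or code was observed

def score_site(site, bad_ips, today):
    """Return (score 0-100, reasons); a lower score means less trusted."""
    score, reasons = 100, []
    if site.host_flagged:
        score -= 30
        reasons.append("web host has poor history")
    age_days = (today - site.first_seen).days
    if age_days < 30:
        score -= 25
        reasons.append(f"site only {age_days} days old")
    hits = sorted(set(site.ips) & bad_ips)
    if hits:
        score -= 35
        reasons.append("listed IPs: " + ", ".join(hits))
    if site.suspicious_code:
        score -= 40
        reasons.append("suspicious activity or code")
    return max(score, 0), reasons

def verdict(site, bad_ips, today):
    """Block the site when its combined score falls below the threshold."""
    score, reasons = score_site(site, bad_ips, today)
    return ("block" if score < BLOCK_THRESHOLD else "allow"), score, reasons

# Constructed sample data (reserved example domains and documentation IPs).
TODAY = date(2013, 6, 1)
BAD_IPS = {"203.0.113.7", "198.51.100.23"}
SITES = [
    SiteFacts("http://news.example.com/", False, date(2009, 3, 14), ("192.0.2.10",), False),
    SiteFacts("http://free-prizes.example.net/", True, date(2013, 5, 25), ("203.0.113.7",), True),
    SiteFacts("http://blog.example.org/", False, date(2013, 5, 20), ("192.0.2.44",), False),
]

if __name__ == "__main__":
    for s in SITES:
        action, score, reasons = verdict(s, BAD_IPS, TODAY)
        print(f"{action:5} {score:3} {s.url} {'; '.join(reasons)}")
```

The third sample site shows why several criteria are combined: a site that is merely new loses points but is not blocked on that signal alone.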
Of course, there is no substitute for knowledge and common sense when it comes to preventing attacks from the Blackhole exploit kit. Never click on suspicious links in email or on social media, and only visit trusted websites. Being constantly on alert for new threats will keep your data safe — protecting your computer, your identity and your money from criminals.
About the Author: Melissa Cromwell is an IT specialist with nearly seven years of experience developing security plans for businesses of all sizes. She believes that knowledge is power: See Smart Protection Network data mining to determine new threats and develop workable solutions for protection.