Thursday, 13 September 2012 22:27

Black Hole 2 Exploit Kit Launches Complete with Support for Windows 8 and Mobile Devices

Written by

Reading time is around minutes.
Code

-43 days. That is how long Windows 8 lasted before a major malware tool was released for it Windows 8 is not even official and there is already a major exploit kit that covers it. Earlier today cyber criminals announced the launch of Black Hole 2. The original exploit kit was used in more than a few pieces of malware since it first was launched in Beta format in late 2010. The exploit kit is offered in almost like a cloud service (which brings us back to irony). You have to lease access to it so you can develop your malware. The pricing is pretty with a year lease going for only $1500. Despite the success of this exploit kit, like all enterprises you must grow or die.

To make sure they continue growing the developers behind Black Hole 2 have done some major work to the kit. They have cleaned up the interface to make it easier to track systems infected by your payload. They have also added in new features (that they are not talking about too publicly) to evade detection and to bypass security. Even the short list of features is pretty impressive and should concern… well anyone that needs to think about security on their systems and network, oh wait that is everyone.
blackhole2

One of the new improvements was very interesting to us “update machine stats to include Windows 8 and mobile devices”. We have been discussing Microsoft’s new OS from many different angles and one of the most concerning has been security. To see a new Exploit Kit drop onto the scene more than a month before the launch of the new OS is a little frightening as is the appearance of methods to track mobile devices. From what we have been able to find out they are not limiting this to a single mobile OS. It looks like there are exploits out there for just about all of them. This means that Windows RT could be and most likely is vulnerable as well. We already know that the version of Flash that is currently bundled with Modern UI version of IE 10 has several vulnerabilities that Microsoft was originally not patching until after the official launch. Thankfully they have changed their mind and plan a fix for IE 10 sooner rather than later.

Even without worrying about vulnerabilities in Windows 8, Windows RT and WP8 there is a problem with mobile malware that is growing exponentially. We are not just talking about the malware being presented in the Play Store, but also newer exploits that are getting into mobile systems through infected sites (which is what Black Hole is for). As more people are using their mobile devices to browse the internet we expect to see a spike in infections that did not come from a poisoned app over in the next year. For the last few years the mobile world has enjoyed a quiet time that is fast coming to a close. You can expect to see malware, viruses, Trojans, keyloggers and worse being released for mobile operating systems. The industry and consumers have all become too complacent over the last few years, while the carriers and phone makers need to track, catalog and document everything we do on our devices has made breaking into these products a money making proposition. The security research companies, phone makers and of course the guys that write the operating systems had better change direction very quickly or we will be looking at some very nasty malware outbreaks on our new mobile toys.

Discuss this in our Forum

Read 3481 times Last modified on Thursday, 13 September 2012 22:37

Leave a comment

Make sure you enter all the required information, indicated by an asterisk (*). HTML code is not allowed.