Your Web News in One Place

An Interest In:

Web News this Week

Search Archive

Some of Our Sources

View All Sources

Help Webnuz

Referal links:

Sign up for GreenGeeks web hosting
July 3, 2012 02:05 pm

Blackhole Exploit Kit Gets an Upgrade


wiredmikey writes "The popular Blackhole exploit kit, assumed to be created and maintained by an individual going by the online moniker of 'Paunch,' who continuously updates the browser exploit software, looks like it has just received another upgrade. The exploit works by infecting a user when they visit a Blackhole-infected site, and their browser runs the JavaScript code, usually via a hidden iframe. If the location or URL for the malicious iframe changes or is taken down, all of the compromised sites will have to be updated to point to this new location, making it hard for the attackers. To deal with this, the Blackhole JavaScript code on compromised sites now dynamically generates pseudo-random domains, based on the date and other information, and then creates an iframe pointing to the generated domain. Moreover, the kit's recent upgrade also added a new attack. According to Sophos, sometime in early June Blackhole was updated to include an attack that targets a flaw in Microsoft's XML Core Services, which remains unpatched. Unfortunately, the changes prove once again that the criminal economy online is alive and well."

Read more of this story at Slashdot.


Original Link: http://rss.slashdot.org/~r/Slashdot/slashdot/~3/0M-b-LSr8ug/blackhole-exploit-kit-gets-an-upgrade

Share this article:    Share on Facebook
View Full Article

Slashdot

Slashdot was originally created in September of 1997 by Rob "CmdrTaco" Malda. Today it is owned by Geeknet, Inc..

More About this Source Visit Slashdot