(LiveHacking.Com) – A new version of the popular Black Hole exploit kit has been released. According to an entry on Pastebin, V2.0 has been rewritten from scratch to make it harder for anti-virus programs to detect it. Black Hole is one of the most popular exploit kits used onlne and accounts for just under 40 percent of all toolkits detected by AVG. The key element in the announcement is not so much the new features (which I will look at below) but the fact that the “advert” contains a list of the prices for server rentals and mentions that the prices have remained the same. Don’t ever loose sight of the fact that malware writing is all about the money.
So what are the prices, how much does it cost to be a cyber criminal nowadays? To rent a command and control server from the BlackHole creators cost just $50 per day with a limit of 50,000 hits. If you want to use your own server then you need to by a license (ironic, no!), and that costs $700 for 3 months or $1500 for a year.
Among the new features is the use of a CAPTCHA on the administration panel login page to prevent security companies performing brute force attacks against the servers. Plus the kit adds new dynamically generated URLs, which are valid for a few seconds. These kind of “enchancements” aren’t to do with how BlackHole actual explots vulneravilitries on victim’s PCs, but rather they are designed purley to make life harder for security researchers and securty companies. In fact, the announcement says that the team have “developed and implemented a lot more features about which bragging and shouting in public is simply not reasonable, because competition and the AV companies do not nap.”