Available to its clients since the second week of September, the Blackhole Exploit Kit has been, according to Paunch, its coder,
rewritten from scratch (<- You'll see all announced features here).
URL patterns are now different. Most improvements are focused on making the job of "defenders" a little harder.
(For the previous version of Blackhole, see: Inside Blackhole Exploits Kit v1.2.4)
[Image: New login screen with Captcha, making brute-force attacks on the panel a little harder]
[Image: BH EK 2.0 Menu]
[Image: BH EK 1.x Menu]
[Image: Statistics]
On the panel I saw there were buttons that were not in the SpiderLabs post or in the 2 other CSS I gathered.
[Image: copy_txt button allowing raw copy of the data]
[Image: CSS part related to the copy_txt button (on the left, what I found elsewhere)]
[Image: Raw Copy popup]
[Image: Getting Guest Statistics Link]
(I hope someone at Symantec will read this, and that they will fix their last post on the pseudo fake BH.)
[Image: Blocked Statistics]
[Image: Threads]
[Image: Thread Creation - Part 1]
[Image: Thread Creation - Part 2]
[Image: Thread Parameters]
[Image: Files]
[Image: Soft Versions]
[Image: Security Tab in BH EK 2.0]
[Image: Security Tab in BH EK 2.0 (in English, but not only for translation: look at the Tor exit node number and dates). режим записи = Recording Mode]
As a comparison, the Security Tab in BH EK 1.x:
[Image: Security Tab in BH EK 1.x]
The bot list includes IP ranges from altavista, excite, google, infoseek, lycos, 12.40.85.0/24 tagged as non_engines, northernlight, inktomi, many ranges tagged as misc, and around 8000 IPs tagged as mybots.
[Image: "mybots" IPs]
(According to the SpiderLabs post, these mybots can be updated when you turn the Blackhole into a monitoring mode that allows blacklisting of IPs landing on it when they are not supposed to.)
[Image: режим записи - Recording Mode widget in Security Tab]
[Image: Preferences]
Want to read more?
Following a lead of "Suspected" Blackhole2 - Malware Must Die! - unixfreaxjp - 2012-09-22
CVE-2012-4681 samples Original (APT) and Blackhole 2.0 (crime) - Contagio - Mila - 2012-09-19
Blackhole Exploit Kit v2 - SpiderLabs - Daniel Chechik - 2012-09-13
Fast look at an infection by a Blackhole Exploit Kit 2.0 - 2012-09-12
Blackhole Exploit Kits update to v2.0 - 2012-09-12
<edit 26/09/12>Added Raw Copy popup</edit>