Blackhole Malware Creator Arrested In Russia
October 9, 2013

Peter Suciu for – Your Universe Online

This week it was reported that Russian authorities have arrested an alleged hacker, one who is believed to have been responsible for distributing the notorious “Blackhole” malware, which is widely used by cyber criminals to infect PCs.

The European Union’s law enforcement agency, Europol, has confirmed the arrest of a “high-level suspected cyber criminal,” but did not provide further details.

“I know it is true, we got some information, but I cannot say anymore,” Troels Oerting, head of the European Cybercrime Centre, an arm of Europol, told TechWeekEurope, IBTimes UK reported.

“It is correct that Europol/EC3 has been informed that a high-level, suspected cyber-criminal has been arrested,” confirmed spokesperson Søren Kragh Pedersen.

According to Reuters, a former Russian police detective, who was in contact with Russia’s federal government, also confirmed that the suspect, known in hacking circles as “Paunch,” had been arrested.

Russia is noted for having one of the largest pools of talented hackers, as well as an advanced underground economy that unites customers and programmers, and Paunch is believed to be one of the most successful malware authors.

The malware that Paunch has been credited with creating is known as “Blackhole.” Hosted on hijacked servers, it automatically infects personal computers when users simply visit a tainted site. The Blackhole software reportedly bundles an arsenal of exploits, each of which leverages a different vulnerability in the software running on the victim’s PC.

More ominously, security experts have noted that Blackhole’s developers regularly update the product so that its hacker customers can exploit the latest vulnerabilities uncovered in PCs. These include those in Microsoft’s Windows and Internet Explorer, Adobe Systems’ Reader and Flash and notably Oracle Corp’s Java software.

The Blackhole exploit kit has been in use since at least 2010, and possibly earlier, to break into several Web browsers and into client software such as Adobe Reader and Flash. This has been such a problem that this past February Adobe released an emergency update for its Flash software, reportedly to address two security issues that were being exploited by hackers.

Security researchers also found earlier this year that the Blackhole exploit toolkit was used by cyber criminals to exploit vulnerabilities in Java. Back in January, Paunch spoke to investigative journalist Brian Krebs and told the reporter that his exploit is available to hackers for $10,000 a month.

However, Computer World reported this week that while other exploit kits typically cost thousands of dollars, Blackhole can be rented for as little as $200 to $300 per week, which suggests that a discount version may be offered to hackers.

Blackhole’s user interface is also unique in that it includes web-based support as well as the aforementioned frequent updates.

“The way Paunch developed and marketed Blackhole was really kind of unheard of,” Alex Cox, a principal security researcher on RSA’s FirstWatch team, told Computer World on Tuesday. “Paunch was very good at putting in Zero Day and near Zero Day exploits and adding new software.”

The malware developer also took the security of his own product seriously. It was reported that Blackhole includes built-in code obfuscation techniques as well as other evasive measures that make it hard to copy. This, together with the fact that the software is continually evolving and improving, makes it harder to detect and block, and may also keep the hacker customers coming back for more.