
    Cyber-Criminals Adding Zeus-Like Behavior to Blackhole Exploit Kit

    Written by

    Fahmida Y. Rashid
    Published October 17, 2011

      The Blackhole exploit kit is increasingly mimicking some of the attack techniques initially popularized by Zeus, AppRiver researchers said.

      Traditionally used to infect legitimate Websites to launch drive-by-download attacks, Blackhole is beginning to employ mass email and other attack methods used by Zeus and SpyEye crimeware kits, Fred Touchette, senior security analyst for AppRiver, wrote on the company blog.

      People using the Blackhole kit previously relied on techniques such as SEO poisoning to direct victims to their sites, but they are now beginning to use mass email, according to Touchette. Mass email messages claiming to be from the IRS or delivery notification messages have usually been part of the Zeus repertoire, he said.

      AppRiver researchers first noticed the change earlier this month after the death of Apple founder Steve Jobs. Malicious emails were sent to users with subject lines such as “Steve Jobs Alive!” containing a link that sent users to a Blackhole-enabled Website, according to Touchette.

      Another recent phishing scam, masquerading as email notifications sent from an HP OfficeJet printer, has sent out nearly 8 million messages and used more than 2,000 domains to serve up malware, AppRiver researchers found. The campaign worked like Zeus in that the malicious site checked the user’s Web browser and operating system to serve up a customized payload exploiting unpatched Java and Adobe vulnerabilities in the browser, according to Touchette.

      Blackhole used to be a high-end crimeware kit, costing about $1,500 for a one-year license on underground forums. The high price kept “the rookies away” and allowed operators to launch their scams “relatively under the radar,” according to Touchette. Similar to what happened with Zeus and SpyEye earlier this year, a version of the toolkit was released for free in several forums in May, opening up the kit to less sophisticated criminals.

      “We have been seeing a steady increase in the number of infections for which this kit is responsible,” Touchette wrote.

      While recent botnet takedown activities have significantly dropped spam volumes over the past three years, the volume of malicious emails remains high as botnet operators try to rebuild their network, AppRiver researchers wrote in their monthly “Threat and Spamscape” report, released Oct. 17. In September, the malware surge maintained an average of more than 6 million pieces per day with spikes of 18 million pieces a day earlier in the month, AppRiver found.

      Crimeware toolkits are regularly updated as malware developers add new attack techniques and defensive mechanisms to stay ahead of security vendors and researchers. Researchers had speculated that the developer behind Zeus would no longer work on the banking crimeware kit as its code had been merged with SpyEye. However, in recent months, Zeus has been updated with new features that have not yet been added to SpyEye, leading researchers to believe that both teams are still active and going down different paths.

      For example, researchers recently noticed a major upgrade to the banking Trojan featuring peer-to-peer (P2P) capabilities. Zeus previously featured a domain-generation algorithm that generated new URLs to push out malware and updates to infected machines. The P2P version uses a list of hard-coded IP addresses to communicate with the zombies. With all the updates distributed across several machines instead of being centralized on a master URL, it will become much more difficult to track the Trojan’s activities or disrupt the botnet.

      The recently disabled Kelihos botnet had some P2P capabilities.

      Past attempts to take down the botnet have centered on shutting down the command-and-control servers that send out instructions to the bots and disabling the domain names used by the C&C servers. If the botmaster can use infected machines to update other machines, this kind of takedown becomes much more problematic.
