Sunday 11 September 2011

Blackhole exploit kit v1.2.0

MDL noticed that the Blackhole kit's obfuscation and URL parameters have been changed.

I don't know if a new version was released or what, but I've just found a version '1.2.0'
with black market advertisements in the header (I don't remember seeing that on the 1.1.0 version).

Here there is a Start/pause button

I've looked at the file info: the PHP files were made on 30 Aug.
And all files were ionCubed, as usual for the kit, so I believe this is a real new version by Paunch (coder of BH).
Edit: update confirmed, 1.2.0 has been out since the beginning of September.

2 comments:

  1. What's the CVE for the Flash exploit? Do you have a sample?

  2. No idea of the CVE; here are the hashes of the SWF files I've found inside:
    http://www.virustotal.com/file-scan/report.html?id=3c00d50684ccf7e1db112a5546caee73dcfd6115bfe91158d242c6d20ebcda45-1318757880
    http://www.virustotal.com/file-scan/report.html?id=7c216a241413723763d99e3ecb49f398af2b9d878250b383931be708d71db411-1318757530
    Just send me a mail if you want them.
    xylitol[at]malwareint[dot]com
