Black Hole Exploits Kit

WIEx:
Black Hole Exploits Kit

Released the next bunch of exploits, this time with a very interesting and beautiful design approach



I quote the description from the author:


--- Quote ---Absorbed all the latest developments and methods of testing for the last time we reviewed and analyzed more than two dozen products from that area and created a unified system.
Writing system based on existing market demands and was created from the first to the last byte from scratch.
The application of this test system will allow you to identify all of the latest computer vulnerabilities to date.


Administrative system:

[Statistics] Statistic screen
Maximum detailing statistics for all parameters tested bunal computer.
Widget system.
Widget 1: Global statistical widget:
a.) Statistics for the entire period of the system since the launch or since the last reset.
b.) Statistics for the current day of the system.
c.) Statistics on the calendar, taken separately for a period of time.
Widget 2: Operating Systems.
Widget 3: Browsers, detail on versions of a single browser.
Widget 4: Top Country.
Widget 5: Buffer and vulnerable versions of operating systems.
Widget 6: Referrals, detailing the full address invoking URL, IP address. (Optional, switchable).
Share 7: Streams, statistics of a single source of traffic comes from.
Share 8: Custom widget. (The ability to create your own widget, identifying and grouping any statistical data from the separate widgets)

Each of the widgets has full, maximized stats for your parameter data.
Update automatically from a given interval on the timeline, without reloading the page, in real time.
Graphic, visual presentation of information on the Level 3 line graphs.
Account: hits, hosts, downloads, percentages for each of the parameters of statistics.
Formation of visual layout of widgets, Drag'n'Drop system.

[Streams] Stream screen
Built-in TDS (Traffic Direct System), prohibitive flexibility.
Configure traffic flows under each: type, niche, Celler traffic.
Generate your own set of: operating systems, browsers, countries, exploits, files, for incoming traffic, based on the rules.
Separate traffic to a unique, non-unique for each of the rules of the flow.
Manage the flow, the status of the rules.
Manage the files for each of the flow / rules with automatic change it to a new limit on the expiration of shipment.
Full, maximize statistics: flow / rule.
Administrative and public access to the statistics flow / rules.


[Files] Files screen
Library files.
Full details on the downloaded file.
Setting limits on shipments specifically to retrieve the files.
Integrated Anti-based API interfaces popular AVCheck services.

[Security] Security screen
Block-treatment system for the task: Referrals, IP-address (including ranges).
Generate database black list: Referrals, IP address.
Import, export databases black list.

[Setting] Setting screen
Administrative section control center system.
Change the names of key files and settings to hide from antivirus companies detect and malware trackers followed the entry of the domain or IP address in the black list of the names of a set of standard system files.
Are fully independent and unique file names and settings from other copies of the system.
Change the system language: Russian, English.
Set limits on the string to display statistical information widgets.
Change the password system.
Change the global auto-update interval statistics page.
Resets the global statistics of the system, or single stream.
Optimized for heavy-work and Aubum traffic;
Exploits crypt on special algorithms that make it impossible to code analysis and detection of anti-virus as well as services such as wepawet and other counterparts ...
Punches all browsers, if vulnerable plug-ins and browser versions;
Admin password protected without the use of login.
Links to traffic, as in the clear, and encrypted JavaScript cryptor iFrame code.
System screen:
http://img576.imageshack.us/img576/58/statisticz.png - Statistic
http://img412.imageshack.us/img412/5294/stream.png - Stream
http://img837.imageshack.us/img837/161/filesr.png - Files
http://img205.imageshack.us/img205/2365/security.png - Security
http://img839.imageshack.us/img839/4607/settingg.png - Setting
http://img832.imageshack.us/img832/2048/browsers.png - Browsers
http://img842.imageshack.us/img842/9780/country.png - Country
http://img69.imageshack.us/img69/7721/exploits.png - Exploits
http://img683.imageshack.us/img683/8875/21364432.png - Os

In property:

Annual license: $ 1500
Half-year license: $ 1000
3-month license: $ 700

Update cryptor $ 50
Changing domain $ 20 multidomain $ 200 to license.
During the term of the license all the updates are free.

Rent on our server:

1 week (7 full days): $ 200
2 weeks (14 full days): $ 300
3 weeks (21 full day): $ 400
4 weeks (31 full day): $ 500
24-hour test: $ 50
[*] There is restriction on the volume of incoming traffic to a leasehold system, depending on the time of the contract.

Providing our proper domain included. The subsequent change of the domain: $ 35
No longer any hidden fees, rental includes full support for the duration of the contract.

Trade Service: 363001 - Legacy (from 10:00 to 18:00 on MSK)
Programming Engineer: ICQ: 343002; JabberID: paunch@ thesecure.biz - Paunch (theoretically 24 hours)
Founder Team: 895894 - Naron
--- End quote ---

http://forum.web-hack.ru/index.php?showtopic=98260

SysAdMini:
Black Hole Exploits Kit. Another crimeware in addition to criminal supply
http://malwareint.blogspot.com/2010/09/black-hole-exploits-kit-another.html

SysAdMini:
The BlackHole Theory
http://www.symantec.com/connect/ja/blogs/blackhole-theory

SysAdMini:
version 1.1.0 announced

http://translate.google.co.jp/translate?hl=en&sl=auto&tl=en&u=http://scriptkiddiesec.blogspot.com/2011/05/black-hole-exploit-kit-110.html


--- Quote ---The new version 1.1.0
of innovation - is a complete rewrite issue
Before issuing Java exploits there is a check of the JRE version, and only if the version is potentially vulnerable is there an attempt at punching
overwrite existing exploits, java smb is no longer asks to install the plugin when approaching the link, and other changes
iepeers removed because no relevance
added 2 new exploit java trust (punches before 1.6.0_23 inclusive - this is the last version at the moment), just added java skyline
significantly increased the sample on some types of traffic nearly doubled, here's an example stats
--- End quote ---


SysAdMini:
Black Hole Exploits Kit 1.1.0 Inside
http://malwareint.blogspot.com/2011/08/black-hole-exploits-kit-110-inside.html
