Skip to content

Is the Blackhole exploit kit finished?

Blackhole malware crimekit arrestWhen news broke in October that the criminals behind the notorious Blackhole exploit kit had been arrested in Russia, our threat experts were understandably excited. But more importantly, SophosLabs went to work to understand this development and figure out what it means for cybercrime and IT security at large.

As SophosLabs researcher Fraser Howard reported yesterday in his post at Naked Security, Blackhole had already been declining in prevalence prior to the arrests. So does this mean the end of Blackhole? And how will this news change the threat landscape overall?

According to Fraser, “assuming that the players behind Blackhole have indeed been removed from the game, it is possible that the apparent decline we have seen in the past week will continue.”

That might mean Blackhole is headed toward the exit. Unfortunately, Fraser explains, that doesn’t necessarily mean cybercriminals will take a hit or that threats will decrease overall. As Blackhole declines, other crimeware kits will rise to take its place. Read more of Fraser’s take on these developments here: Assessing the impact of the Blackhole arrests.

Want to know more about Blackhole?

For a deep dive into how Blackhole works and how it evolved, we recommend checking out our technical papers: Inside a Black Hole and Inside a Black Hole Part 2. We also covered Blackhole extensively in our whitepaper Malware B-Z: Inside the Threat From Blackhole to ZeroAccess.

SophosLabs is on the Case

Our SophosLabs researchers track millions of pieces of malware, in real time. It’s what we do. Learn more about how we keep you secure from threats like Blackhole and everything that comes next.


Leave a Reply

Your email address will not be published. Required fields are marked *

Subscribe to get the latest updates in your inbox.
Which categories are you interested in?
You’re now subscribed!