back to article Not Cool, man: Potent new hacking toolkit costs crooks $10k a month

The brains behind the Blackhole Exploit Kit is using profits from the hacking toolbox to buy up security exploits and create a far more formidable product. The ubiquitous Blackhole kit is usually installed on compromised websites and uses vulnerabilities in web browsers and other software to inject malware into visitors' PCs. …

COMMENTS

This topic is closed for new posts.
Anonymous Coward

The Symantec report

One thing I did notice on the linked Symantec report was that nowhere was it recommended that it is good practice to keep a backup of your computer on an external / removable drive, in case your drive gets encrypted and (of course) the computer never gets unlocked after the mark has paid the "fine".

Or perhaps I missed the point "buy Symantec products and you will be safe".... Was that too subtle for me to notice?

2
0
Anonymous Coward

Re: The Symantec report

Symantec also makes backup products ;)

0
0
Anonymous Coward

What a bit scary is

at $30,000 a day they make around $10million a year.

And they say crime doesn't pay pffft

0
0
Anonymous Coward

Re: What a bit scary is

Someone tell the tax man.

0
0
Happy

Re: What a bit scary is

You could argue that what they're doing isn't illegal, even if they facilitate criminal activities by selling their tools. You would struggle to get much traction in the argument of prosecuting Stanley Tools for selling various methods for gaining entry to places that you are normally prevented from accessing.

Still, a nice pot of money to pay for lawyers to argue that when the authorities eventually catch up with you.

2
0
Holmes

Re: What a bit scary is

wrong there is no legitimate use here. and intention is obvious.

It not a crime to own tools, but if you have mask, gloves, lockpicks, slim etc in a bag, you can get charged for owning tools with criminal intent.

2
1
Pint

$30,000 a day?

*waves bye bye to ethics, picks up a Learn Russian book and guide to being a script kiddie*

2
0
Anonymous Coward

With any luck...

...the jury will take this information into account when sentencing these criminals.

1
1
Anonymous Coward

Question is: Are they any different to financiers and lawyers?

I think I have more respect for this guys.

2
4
Anonymous Coward

Malware into visitors' PCs?

"The ubiquitous Blackhole kit is usually installed on compromised websites and uses vulnerabilities in web browsers and other software to inject malware into visitors' PCs"

What ever you do - don't ever mention Microsoft Windows ...

0
3
Unhappy

Is any computer safe......?

This is very worrying and depressing. Does this stuff work on ANY platform? If the answer is no, which platforms are safe? What about my android tablet using the Dolphin browser? What about that cute little 'android on a stick' gadget I've just bought and plugged into my TV? More than ever before this stuff has got me seriously considering a machine with no hard drive and a Linux variant booting live from a DVD...... sure, it's slow to boot up but just try infecting that!

0
0
Bronze badge
Coffee/keyboard

Re: Is any computer safe......?

In answer to your question - the only platforms to worry about are the popular ones, which are more likely to be focused on by criminals bent on finding a vulnerability to exploit. However there are many mitigations that lower your profile to attack. For those using Windows products, Secunia PSI is a good program to have on board. As it will notify you of vulnerabilities just as soon as they are publicly discovered. And of course always operate with limited rights. Other than that, it is always a good blended defense that can backup this first rule. Android has Avast Free Mobile Security, for instance.

Notice the "Free" word - so I hope you don't think I'm a shill - I don't sell any products of any kind anywhere.

1
0

This is the toolkit you really need -

Talking of mitigation, don't forget Emet.

Google 'Rationally paranoid' and you can find a great primer under the resources tab.

For those that don't know of course. Once EMET is set up, you can largely forget about it.

No performance hit. Oh and look on Dedoimedo's site for other good info on this toolkit.

Google 'dedoimedo emet' and you should be good.

Not a Microsoft fan either, but credit where credit is due.

1
0
This topic is closed for new posts.

Forums