Blackhole is just one of the many crime kits available on the Web. Cybercriminals using it will typically compromise a legitimate site, usually one that is running outdated version of WordPress or osCommerce for example, and wait for visitors to arrive for their delivered infection. The kit itself targets vulnerabilities in common third-party software, such as Java, Adobe’s Reader or Flash, and Microsoft’s Internet Explorer.
However, recent versions of the kit have patched a known flaw, which often left a potential victim safe from harm if the criminal running a Blackhole domain got lazy or was clueless.
Moreover, the kit’s recent upgrade also added a new attack. According to Sophos, sometime in early June Blackhole was updated to include an attack that targets a flaw in Microsoft’s XML Core Services, which remains unpatched. However, Microsoft has released a FixIt tool that will help mitigate the vulnerability.
Related Feature: Black Hole Exploit - A Business Savvy Cyber Gang Driving a Massive Wave of Fraud