According to a statement issued by the Russian Ministry of Internal Affairs (MVD), the alleged creator of the BlackHole Exploit Kit is amongst the 13 people being prosecuted in connection with organised criminal activity, including the distribution of banking trojans designed to steal sensitive information.
The alleged creator of the Blackhole Exploit Kit, who goes by the online handle of “Paunch”, was rumoured to have been arrested by the Russian authorities earlier this year.
The Blackhole Exploit Kit is a notorious web-based application that can exploit web browser vulnerabilities when innocent users visit infected websites. The kit doesn’t just exploit weaknesses in web browsers, but can also take advantage of flaws in popular browser plugins such as Adobe Reader, Flash and Java. By exploiting a security hole with an exploit kit, online criminals can install malware onto visiting computers.
Having first reared its ugly head in late 2010, the Blackhole Exploit Kit rapidly became a common adversary for malware researchers, benefiting from regular updates and responsible for most of the web attacks that were seen.
Recently, other exploit kits have overshadowed Blackhole, but that doesn’t mean it should be treated any less seriously.
According to the MVD statement, the alleged Blackhole gang are said to have inflicted 70 million Rubles’ worth of damage (£1.3 million, or US $2.13 million) through their activities.
If the Russian authorities really do have their hands on the Blackhole Exploit Kit’s creator, and his collaborators, then that is good news for everyone on the internet.
Found this article interesting? Follow Graham Cluley on Twitter, Mastodon, or Threads to read more of the exclusive content we post.
