Suspected Blackhole Exploit Kit mastermind arrested

Graham Cluley
Graham Cluley
@[email protected]

A plughole has a few black holesA man suspected of being the author of the notorious Blackhole Exploit Kit has been arrested by Russian authorities.

No information about the how the suspect, who goes by the not very glamorous moniker of “Paunch”, came to be arrested has been made available, but Europol told TechWeekEurope confirmed reports of a man’s detention and sources in the security industry claim that the malicious kit has not been updated for a few days (whereas it is normally updated daily).

The Blackhole Exploit Kit is basically a web-based application that can exploit web browser vulnerabilities as users visit infected websites. The kit doesn’t just exploit weaknesses in web browsers, but can also take advantage of flaws in popular browser plugins such as Adobe Reader, Flash and Java. By exploiting a security hole with an exploit kit, online criminals can install malware onto visiting computers.

The Blackhole Exploit Kit first reared its ugly head in late 2010, and quickly became a common find for malware researchers investigating compromised websites, and responsible for most of the web attacks that were seen.

Sign up to our free newsletter.
Security news, advice, and tips.

Recently, other exploit kits have probably overshadowed the prominence of Blackhole, but that doesn’t mean it should be treated any less seriously.

If it’s true that the brains behind the Blackhole has been apprehended it’s a very big deal – a real coup for the cybercrime-fighting authorities, which will hopefully cause disruption to the development of one of the most notorious exploit kits the web has ever seen.

However, it’s worth remembering that nature abhors a vacuum, and there would surely be other online criminals waiting to take their place, promoting their alternative exploit kits and malicious code.

Nonetheless, no tears will be lost if the authorities really do have the author of the Blackhole Exploit Kit in custody.

Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.