Live Help



Call Us: 713.575.9514

What is Blackhole Exploit Kit?

This threat is caused by code that can be hacked into a web page. When you browse to a web page with this threat it will exploit vulnerabilities in your Internet browser/plugins and force adware, phishing programs or any other type of fraudulent software to be installed on your device. The most popular variants of Blackhole Exploit Kit are Blackhole Exploit Kit (type 2364), Blackhole Exploit Kit (type 2363), Blackhole Exploit Kit (type 2362)

The Blackhole exploit kit is currently the most prevalent web threat, where 28% of all web threats detected by Sophos and 91% by AVG are due to this exploit kit.Its purpose is to deliver a malicious payload to a victim’s computer.The creators of the kit are suspected to be famous Russian hackers named “HodLuM” and “Paunch”.


Basic summary of how Blackhole works

  1. The customer licenses the Blackhole texploit kit from the authors and specifies various options to customize the kit.

  2. A potential victim loads a compromised webpage or opens a malicious link in a spammed email.

  3. The compromised web page or malicious link in the spammed email sends the user to a Blackhole exploit kit server’s landing page.

  4. This landing page contains obfuscated JavaScript that determines what is on the victim’s computers and loads all exploits to which this computer is vulnerable and sometimes a Java applet tag that loads a Java Trojan horse.

  5. If there is an exploit that is usable, the exploit loads and executes a payload on the victim’s computer and informs the Blackhole exploit kit server which exploits was used to load the payload.


Defenses against the Blackhole exploit kit

Make sure the browser, browser’s plugins, and operating system are up to date. The Blackhole exploit kit targets vulnerabilities in old versions of browsers such as Firefox, Google Chrome, Internet Explorer and Safari as well as many popular plugins like Adobe Flash, Adobe Acrobat, and Java.

Run a security utility with a good antivirus and good host-based intrusion prevention system (HIPS). Due to the polymorphic code used in generating variants of the Blackhole exploit kit, antivirus signatures will lag behind the automated generation of new variants of the Blackhole exploit kit, while changing the algorithm used to load malware onto victims’ computers takes more effort from the criminal or criminals who are developing this exploit kit. A good HIPS will defend against new variants of the Blackhole exploit kit that use previously known algorithms.


First Release on the Internet

Blackhole exploit kit was released by a Russian hacker named HodLuM on “Mailbox”, an underground Russian hacking forum, He released the first version, then began on further releasing more versions after weeks.

Buy AVG Now!!!

Facebook Feed

Recent Posts

  • June 20, 1840 Samuel F.B. Morse receives a U.S. patent

    Jun 20, 2017 | 08:26 am

    1840: Samuel F.B. Morse receives a U.S. patent for his dot-dash telegraphy signals, known to the world as Morse code. The code Morse devised with Alfred Vail uses a system of dots and[…]

  • WannaCry Ransomware

    May 17, 2017 | 11:13 am

    WannaCry 2.0 Ransomware Ready For More Destruction As It Learns To Combat The Kill Switch History has never seen ransomware bring more than half the world’s computers to a standstill.[…]

  • Enterprise Grade WiFi at Home? Is it really possible?

    Jan 11, 2017 | 13:55 pm

    Client: “Enterprise-Grade WiFi at Home? Really?” Chris M.: “Absolutely – much cheaper than you would think too!” “Would you like to know more?”   As technology advances over the years, we[…]

  • Ray Tomlinson – The inventor of email

    Jan 6, 2017 | 12:59 pm

    Email and how it all began! Electronic mail, or email, is a method of exchanging digital messages between people using digital devices such as computers, tablets, and mobile phones. Email[…]

  • Labtech 11 (Connectwise Automate)

    Jan 6, 2017 | 11:39 am

    For Immediate Release: Change of Operations Mathews IT Services is making the move to Connectwise Automate formally known as Labtech Software for our remote monitoring and management platform. This process[…]

  • National Pearl Harbor Remembrance Day – December 7th

    Dec 7, 2016 | 14:10 pm

    On this day, December 7 in 1941 at 7:55am Hawaii time the United States was attacked by the Japanse dive bombers bearing the Rising Sun of Japan on their wings.[…]