Let’s focus for a moment on Blackhole, the world’s most popular and notorious malware exploit kit. Barring a takedown by law enforcement, we are likely to be battling it for years to come. So it’s worth making sure you’re up to speed.
Exploit kits like Blackhole are pre-packaged software tools available on the malware black market. They identify and make use of vulnerabilities in software running on your computer to pull off a drive-by download.
The result: the computer silently downloads and runs malware, without producing any of the warnings or dialogs you would usually expect.
Like other exploit kits, Blackhole can be used to deliver a wide variety of payloads. Common examples include fake antivirus and ransomware. It can also attack Windows, OS X, and Linux – it is an equal-opportunity victimizer.
So what are we doing about Blackhole, and what can you do?
Our global team in SophosLabs tracks Blackhole 24/7. They make sure that our generic detection and reputation filtering keep up with this changing exploit kit.
Watch our SophosLabs video to learn more
Whenever Blackhole learns how to counter them, we rapidly roll out protection updates as needed via the cloud. We also apply cutting-edge techniques for identifying and analyzing server-side polymorphic attacks such as Blackhole.
On your end, the best defense against Blackhole is a defense in depth.
- Quickly patching operating systems and applications is always important, and it’s best to automate your patching process.
- To reduce the attack surface, disable vulnerable systems such as Java and Flash wherever you don’t need them.
- Block compromised legitimate websites and exploit sites through a combination of reputation filtering and content detection technologies, and use content detection to block payloads.Note that reputation filtering can often block exploit sites before content detection occurs, but it is not foolproof by itself.
- Deter or reduce social engineering attacks that originate with spam with up-to-date spam filters and more active user education.
- If your endpoint security product has HIPS (host intrusion prevention system) features, use them for added protection against new or modified exploits.
For more information on Blackhole, and other security trends, read our 2013 Security Threat Report.