NEWS FROM THE LAB - Friday, October 11, 2013

Blackhole, Supreme No More Posted by Karmina @ 20:52 GMT

Blackhole exploit kit has always been a favorite example when discussing the impact of kits to Internet users. We've previously mentioned in our posts how fast it was in supporting new vulnerabilities, how it was related to Cool, and that it was the leading kit in our telemetry data. Blackhole and Cool almost always had special mentions in our Threat Reports. So you can just imagine how closely we follow this topic.

Early this week, Maarten Boone Tweeted groundbreaking news regarding Paunch's fate, the mastermind behind Blackhole and Cool. Though no further details were provided, it has been confirmed that Paunch was recently arrested in Russia.

With this news, we decided to look at our telemetry data once again. The graphs below show Blackhole and Cool turning from being at the top of the ranks to being negligible.

ek_hits_2013 (91k image)

bh_cool_2013 (89k image)

bh_cool_oct (26k image)

It's as dramatic as a graph can get. From dominating the exploit kit charts, Paunch's brainchild, Blackhole, is slowly fading away with its master's arrest.

So what does the future look like? Will the numbers even out among the different exploit kits out there? Will one exploit kit arise to take over Blackhole's place? Will a new exploit kit come out and take over the market? We can only speculate. But one thing that we do hope though, is that other exploit kit authors will take the hint, that even if they may enjoy a few years of invincibility, they are not unreachable by the long arm of the law.