ITWire

Home Business IT Security The cyber-criminal's new groove - it's a black hole!

The cyber-criminal's new groove - it's a black hole!

Get all your tech news delivered to your mail box five days a week
iTWire UPDATE - it's FREE!


iTWire asked AVG's Michael McKinnon, Australia / New Zealand Security Advisor for his thoughts on the latest report.  "There are no surprises, for those in the Industry, that the Blackhole Exploit Toolkit remains the most prevalent threat in the wild at the moment.  What AVG's Q1 Community Powered Threat Report does bring to focus is the degree to which compromised Wordpress websites are implicated in the success of this toolkit.  It is about time that all Wordpress site owners took a serious look at their security practices and updated and secured their websites."

Wordpress has always been a favourite attacking conduit, so it's interesting to see it get some attention (for once).

McKinnon continues, "The creators of the Blackhole Exploit Toolkit also appear to be very organised with regular updates of their Crimeware, to the extent that exploits are constantly being refreshed with the goal of avoiding detection, and made available to subscribers of their service; literally it has become a Crimeware-as-a-Service business model.  

"The Q1 report also details the previous encryption methods used by the toolkit, which appear to be technically inferior seemingly for the purpose of ensuring that out of date Blackhole Toolkits quickly become useless - further strengthening the Crimeware-as-a-Service assumption."

The report also observes, "Blackhole is a sophisticated and powerful exploit kit, mainly due to its ability to adapt (it is polymorphic) and in that its code being heavily concealed (obfuscated) to evade detection by anti-malware solutions. These are the main reasons it has a high success rate."

Of course this is just a tiny sampling of the sixteen-page report.  iTWire recommends our readers download and digest it in its entirety.

RECRUITMENT & RETENTION REPORT 2013

HIRE OR FIRE? BUY OR BUILD

2013 is well underway and Australian companies need to know whether they should invest in IT skills training or pay a premium for the people they need.

If you want to know which choices are being made in your sector, what skills are hard to find, which sectors intend to hire or fire and where the IT spend is going, this free report is must have.

GET YOUR REPORT NOW

David Heath

joomla statistics

David Heath has over 25 years experience in the IT industry, specializing particularly in customer support, security and computer networking. Heath has worked previously as head of IT for The Television Shopping Network, as the network and desktop manager for Armstrong Jones (a major funds management organization) and has consulted into various Australian federal government agencies (including the Department of Immigration and the Australian Bureau of Criminal Intelligence). He has also served on various state, national and international committees for Novell Users International; he was also the organising chairman for the 1994 Novell Users' Conference in Brisbane. Heath is currently employed as an Instructional Designer, building technical training courses for industrial process control systems.

More in this category: « Axis targets homes and small businesses with new security cameras Smaller organisations falling victim to targeted attacks »
back to top


Services

Company

Community

Connect

http://bs.serving-sys.com/BurstingPipe/adServer.bs?cn=tf&c=19&mc=imp&pli=5460041&PluID=0&ord=[2000]&rtu=-1