Christmas has come early for novice hackers and criminals looking to get their share of the scam operatives flooding the Internet after someone publicly set free not one but two dangerous malware tools in just under 30 days.
Once available only as a password-protected archive, the Zeus malware kit and its password were recently released to the public - for free! And just when the underground world was beginning to settle, an earlier version of BlackHole, a malicious exploit kit, was also made available for free download on underground forums and shareware sites like the Hacker News.
Zeus shot to fame after being used to successfully hack banking data and siphon millions from those compromised accounts. BlackHole, however, is relatively new and comes by way of drive-by downloads to infiltrate targets using Windows OS and applications to steal vital data, cheat PC users out of money, and remotely control the infected PC.
BlackHole runs around $1500 for an annual license, $1000 for a semi-annual license, and $700 for a quarterly license. Short-term rental agreements are an option for those seeking reduced rates per project or use. BlackHole is rumored to be user-friendly and offers an admin panel detailing success rate by vulnerability, OS, browser, and country. While the free release of BlackHole is an older version which does not accommodate newer vulnerabilities, I'm sure many, especially novice users, will not look a gift horse in the mouth.
Attack toolkits such as Zeus and BlackHole contain stealth techniques that make them self-sustaining and great money-makers, fueling the billion-dollar scamming industry. It seems a no-brainer that the 'zero' investment is attracting newbies who want their own piece of the pie, making the malware duo the Bonnie and Clyde of modern-day cyberthreats.
Aviv Raff, CTO at security tools firm Seculert, was quoted as saying, "If the Zeus leak was like giving a machine gun away for free, giving away exploit kits is like providing the ammo." That being said, what will be your weapon of defense?
Most malware not only exploits cracks in software and hardware but also depends on human behavior to help it load, install and execute its attacks. Unfortunately, this is no longer the case, as drive-by attacks are on the rise and are made possible by exploit kits like BlackHole, which turn legitimate websites into traps for unsuspecting web surfers or visitors.
The only defense against such stealth malware is practicing good Internet safety and using good ole common sense.
Tips to consider in protecting your data and PC
- Selecting a reputable antimalware tool that combats stealth techniques such as rootkits and keeping it up to date. The best tools are those that offer real-time definition updates.
- Staying on top of software upgrades that patch known vulnerabilities. Sadly, many users are slow to patch frequently used software such as Adobe Reader, Flash, and Java.
- Verifying the source of dubious links or attachments.
- Consider Internet safety before clicking on some cute picture or sensationalized hyperlink laced in germs.
- Being cautious when visiting unsavory websites such as porn, illegal gaming or warez sites.
- Do not pirate software! (Such activity is illegal and punishable by law)
- Be careful when downloading freeware, shareware or codecs used to view movies or videos.
Cybercriminals are not going away anytime soon, and with the release of free malware tools such as Zeus and BlackHole, the cybercrime family is only going to get bigger, which means more malware being released into cyberspace. Don’t wait until it is too late to protect your data, your PC and your loved ones' peace of mind. Start practicing good Internet security today and teach your family and friends to do the same.
If you are wondering who is behind the release, your guess is as good as ours. While those policing the Internet are identifying and arresting violators each and every day, money is the root of all evil and that evil is cybercrime.
Give us your thoughts on the latest cyber attacks and data hacks, and share what steps you feel should be taken to catch cybercriminals and shut down these underground forums that promote malware toolkits.