Follow Us

We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message

Blackhole Exploit Kit author 'Paunch' arrested in Russia, say reports

Tango down

Article comments

Evidence is mounting that the head salesperson and self-styled author of the Internet’s hugely successful Blackhole Exploit Kit, ‘Paunch’, has been arrested by Russian police.

So far the evidence is circumstantial [see update below], such as the complete disappearance of the Russian-hosted service used to encrypt its distribution and the fact that a particular malicious Java applet associated with its workings has not been updated for four days.

As researchers have noted, this is usually updated once or twice a day so the lull is unusual.

“This may very well be the last update we see, unless somebody picks up the torch,” said Jerome Segura of US antivirus firm, Malwarebytes in a blog post.

In the absence of hard facts, rumour has filled the vacuum, with security researchers ‘Kafeine’ and Maarten Boone of Dutch security firm Fox-IT reporting Paunch’s arrest in tweets that caught the attention.

However, Kaspersky Lab’s chief security expert Aleks Gostev tweeted his support for the arrest thesis. “Some of my sources just confirmed arrest of #BlackHole author. Sorry, no more details yet,” he said.

Criminals appeared to known something was afoot with the Reveton malware moving its distribution from the Cool Exploit Kit (also said to be the work of Paunch) to the more recent and rival Whitehole Exploit Kit.  

If the Blackhole Exploit Kit is offline for now, as the market leader in the space the short-term effects could be significant.

“This would be a major event in the exploit kit business, one that could trigger a chain reaction leading to more arrests and disruption. We can’t wait to hear the official news as well as if other gangs have been caught,” suggested Segura.

“In all likelihood, we are going to see cyber-crooks migrate their infrastructure towards other exploit kits very soon.”

Blackhole first appeared in version 1.0.0 in August 2010 - version 2.0 appeared to some fanfare a year ago - since when it has established itself as an entire crimeware platform, undoubtedly the most complete created up to that point. Its popularity is down to its ability to automate and industrialise complex procedures, including the use of software exploits in attacks.

Probably its biggest innovation has simply been its business model based on leasing rather than sale. Significant volumes of today’s malware attacks depend on it, which makes it disappearance extremely important if it is confirmed.

Update: A source at Europol confirmed the arrest to TechWeekEurope without giving further details.


More from Techworld

More relevant IT news


Send to a friend

Email this article to a friend or colleague:

PLEASE NOTE: Your name is used only to let the recipient know who sent the story, and in case of transmission error. Both your name and the recipient's name and address will not be used for any other purpose.

Techworld White Papers

Choose – and Choose Wisely – the Right MSP for Your SMB

End users need a technology partner that provides transparency, enables productivity, delivers...

Download Whitepaper

10 Effective Habits of Indispensable IT Departments

It’s no secret that responsibilities are growing while budgets continue to shrink. Download this...

Download Whitepaper

Gartner Magic Quadrant for Enterprise Information Archiving

Enterprise information archiving is contributing to organisational needs for e-discovery and...

Download Whitepaper

Advancing the state of virtualised backups

Dell Software’s vRanger is a veteran of the virtualisation specific backup market. It was the...

Download Whitepaper

Techworld UK - Technology - Business

Innovation, productivity, agility and profit

Watch this on demand webinar which explores IT innovation, managed print services and business agility.

Techworld Mobile Site

Access Techworld's content on the move

Get the latest news, product reviews and downloads on your mobile device with Techworld's mobile site.

Find out more...

From Wow to How : Making mobile and cloud work for you

On demand Biztech Briefing - Learn how to effectively deliver mobile work styles and cloud services together.

Watch now...

Site Map

* *