Follow Us

We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message

Blackhole Exploit Kit creator 'Paunch' in custody, Russian police confirm

Did this man code a malware firestorm?

Article comments

The first photograph shows a slightly overweight young man standing in front of a white Porsche Cayenne, cigarette in hand, expression uneasy.  In a second he appears to be reading a charge sheet as a masked military policeman in black stands guard in the background.

Could this confused-looking individual really be the creator of one of the most successful and feared cybercrime tools of all time?

As previously reported, now confirmed by Russian police, the still unnamed 27-year old man is said to be ‘Paunch’ (his nickname), arrested on 4 October with a dozen others in the city of Togliatti, accused of programming the hugely successful Blackhole Exploit Kit used in attacks on countless millions of Internet users since 2010.

Criminals come and go of course, but if the man nabbed by police really is the creator of Blackhole his arrest is hugely significant. It’s hard to put into numbers how massive this one kit had become from its earliest days in the summer of 2010 to its sudden disappearance only weeks ago after his arrest. No summary of malware activity in the last three years was complete without mentioning it under a heading of its own.

Designed as a service that could be rented by criminals for $500 per month, Blackhole was an all-in-one solution for the aspiring cybercriminal out to attack browser users through compromised web pages and – the service's speciality – using top-notch exploits for zero-day flaws. It became one of the most important means of attacking online bank systems.

Russian security firm Group-IB (which said it had assisted police in tracking him down and published the pictures), estimates that the accused man had around 1,000 customers across the world of cybercrime. Without this kit, the cybercrime scene of the last three years would have been measurably smaller and duller.

Part of his success was down to this ability to source zero-days by the bucket-load.

“The original purchase budget for the exploits was $100 thousand, but was later increased to $200 thousand. To purchase new exploits, attempts were made to contact some well-known brokers actively working with government agencies,” said Group-IB without elaborating on which brokers these were.

According to police, Paunch’s alleged criminal activities resulted in financial damage of 70 million roubles (about £1.6 million), a laughably small sum; the real global figure must be a hundred times that or more.

Only days after rumours of Paunch’s arrest emerged in October, it was obvious something major had occurred; criminals had started abandoning Blackhole in favour of rival malware kits. So Blackhole isn’t the only exploit kit out there and if the Russian accused does turn out to be Paunch, his arrest be the perfect business opportunity for delighted rivals stepping up to service what appears to be a huge customer base.


More from Techworld

More relevant IT news


Send to a friend

Email this article to a friend or colleague:

PLEASE NOTE: Your name is used only to let the recipient know who sent the story, and in case of transmission error. Both your name and the recipient's name and address will not be used for any other purpose.

Techworld White Papers

Choose – and Choose Wisely – the Right MSP for Your SMB

End users need a technology partner that provides transparency, enables productivity, delivers...

Download Whitepaper

10 Effective Habits of Indispensable IT Departments

It’s no secret that responsibilities are growing while budgets continue to shrink. Download this...

Download Whitepaper

Gartner Magic Quadrant for Enterprise Information Archiving

Enterprise information archiving is contributing to organisational needs for e-discovery and...

Download Whitepaper

Advancing the state of virtualised backups

Dell Software’s vRanger is a veteran of the virtualisation specific backup market. It was the...

Download Whitepaper

Techworld UK - Technology - Business

Innovation, productivity, agility and profit

Watch this on demand webinar which explores IT innovation, managed print services and business agility.

Techworld Mobile Site

Access Techworld's content on the move

Get the latest news, product reviews and downloads on your mobile device with Techworld's mobile site.

Find out more...

From Wow to How : Making mobile and cloud work for you

On demand Biztech Briefing - Learn how to effectively deliver mobile work styles and cloud services together.

Watch now...

Site Map

* *