2012-09-23 - Panel
Behind the Captcha or Inside Blackhole Exploit Kit 2.0 - Exploit Kit Administration Panel
Available to its clients since the second week of September, the Blackhole Exploit Kit has been, according to Paunch, its coder, rewritten from scratch (<- you'll see all announced features here). URL patterns are now different. Most improvements are focused on making the job of "defenders" a little harder.
(For the previous version of Blackhole, see: Inside Blackhole Exploits Kit v1.2.4)
New login screen with Captcha, making brute-force attacks on the panel a little harder
BH EK 2.0 Menu
BH EK 1.x Menu
Statistics
copy_txt button allowing raw copy of the data
CSS part related to the copy_txt button (on the left, what I found elsewhere)
Raw Copy popup
Getting Guest Statistics Link
Blocked Statistics
Threads
Thread Creation - Part 1
Thread Creation - Part 2
Thread Parameters
Files
Soft Versions
Security Tab in BH EK 2.0
Security Tab in BH EK 2.0 (in English, but not only for translation: look at the Tor exit node number and dates). режим записи = Recording Mode
As a comparison, the Security Tab in BH EK 1.x:
The bot list includes IP ranges from altavista, excite, google, infoseek, lycos, 12.40.85.0/24 tagged as non_engines, northernlight, inktomi, many ranges tagged as misc, and around 8000 IPs tagged as mybots.
(According to the SpiderLabs post, these mybots can be updated when you switch Blackhole into a monitoring mode that allows blacklisting of IPs that land on it when they are not supposed to.)
Want to read more?
Following a lead of "Suspected" Blackhole2 - Malware Must Die! - unixfreaxjp - 2012-09-22
CVE-2012-4681 samples Original (APT) and Blackhole 2.0 (crime) - Contagio - Mila - 2012-09-19
Blackhole Exploit Kit v2 - SpiderLabs - Daniel Chechik - 2012-09-13
Fast look at an infection by a Blackhole Exploit Kit 2.0 - 2012-09-12
Blackhole Exploit Kits update to v2.0 - 2012-09-12
<edit 26/09/12>Added Raw Copy popup</edit>
Security Tab in BH EK 1.X
"mybots" IPs
режим записи - Recording Mode widget in Security Tab
Preferences