2012-09-23 - Panel

Behind the Captcha or Inside Blackhole Exploit Kit 2.0 - Exploit Kit Administration Panel

Available to its client since second week of september, the Blackhole Exploit Kit has been, according to Paunch, its coder, rewritten from scratch (<- You'll see all announced features here) . URL patterns are now different. Most improvements are focused on making "defenders" job a little harder.
(For previous version of Blackhole see : Inside Blackhole Exploits Kit v1.2.4 )

New login screen with Captcha,
making bruteforce attack on the panel a little harder

BH EK 2.0 Menu
BH EK 1.x Menu

On the panel I saw there were buttons that were not on SpiderLabs post and in 2 other css I gathered.

copy_txt button allowing raw copy of the Data
Css part related to the copy_txt button (on the Left what i found elsewhere)
Raw Copy popup

Getting Guest Statistics Link

Blocked Statistics


Thread Creation - Part1
Thread Creation - Part 2

Thread Parameters

Soft Versions
Security Tab in BH EK 2.0

Security Tab in BH EK 2.0 (in English but not only for translation, look at Tor exit node number and dates)
режим записи = Recording Mode

As a comparison Security Tab in BH EK 1.x :
Security Tab in BH EK 1.X
The Bot list include IP range from altavista, excite, google, infoseek, lycos, tagged as non_engines, northernlight, inktomi, many ranges tagged as misc, and around 8000 Ips tagged as mybots

"mybots" Ips

(According to SpiderLabs post these mybots can be updated,when you turn the blackhole in a monitoring mode that allow blacklisting of Ips landing on it when not supposed to)
режим записи - Recording Mode widget in Security Tab

You want to read more ?
Following a lead of "Suspected" Blackhole2 - Malware Must Die! - unixfreaxjp - 2012-09-22
CVE-2012-4681 samples Original (APT) and Blackhole 2.0 (crime) - Contagio - Mila - 2012-09-19
Blackhole Exploit Kit v2 - SpiderLabs - Daniel Chechik - 2012-09-13
Fast look at an infection by a Blackhole Exploit Kit 2.0 - 2012-09-12
Blackhole Exploit Kits update to v2.0 - 2012-09-12

<edit 26/09/12>Added Raw Copy popup</edit>