Blackhole exploit kit makes a surprising encore appearance

Exploit kits are frameworks planted on Web pages that try to find software flaws on the computers in order to silently install malware.

Blackhole was one of most popular exploit kits, but it faded from prominence after its alleged creator, who went by the nickname Paunch, was arrested in Russia. The kit was sold or rented to other cybercriminals in the underground economy for hacking tools.

About four years ago, the source code for Blackhole was leaked, which led to more cybercriminals using it. But exploit kits require quite a bit of ongoing maintenance, and fresh exploits for new vulnerabilities need to be integrated to maintain high infection rates. 

For some reason, whoever decided to start using Blackhole recently made a large error and left the server that hosted the exploit kit's infrastructure open on the Internet, which allowed Malwarebytes to take a look.

The attack seen by Malwarebytes uses old PDF and Java exploits, wrote Jerome Segura, a senior security researcher for Malwarebytes, in a blog post on Tuesday.

"Although the exploits are old, there are probably still vulnerable computers out there who could get compromised," Segura wrote. "We are not quite sure why this old exploit kit is being used in live attacks considering the infection rate would be quite low due to the aging exploits."