Wednesday05 October 2022

Blackhole Malware ToolKit will live on even if the original developer, "Paunch", is gone

Reading time is around minutes.

Security, physical or data, is the type of job that never ends. There is no point that you can sit back and say “Ok, I am done”. Threats evolve existing protections are made obsolete by changing business requirements and, of course, the bad guys just keep getting smarter. This means that even if you protect from one attack, you have to bank on the knowledge that someone else will be behind that guy. In fact if you have followed the happenings of the collective Anonymous that is one of the things they say whenever any of their members are arrested.


So when we hear reports that the developer of the Blackhole malware toolkit was arrested in Russia we know that this will not stop or even slow down the security threat that is out there. Even the fact that Paunch was the biggest contributor of exploits will not have that much of an effect. The Blackhole Toolkit is one of the most prolific tool kits that is out there (ranked 24 in the world) and while the arrest of “Paunch” has temporarily halted updates to the kit we have already heard that a person (or more likely persons) have stepped up to take over.

Malware toolkits are very valuable pieces of internet property which contain different scripts that can be run on compromised web servers. These scripts can be used to inject malware onto client systems that visit compromised websites or that open poisoned email. It is unlikely that the community will allow this tool to fall apart especially given the fact that some of the people using the tool kit are paying a large amount of money for time on the system (in addition to a $1500 per year fee).

Of course there is also the possibility that rumors of the arrest of Paunch are exaggerated or they simply got the wrong guy. Right after some of the initial celebration a tweet emerged that claimed Paunch says “I will never go to jail! Do not worry friends”. Now this could be nothing more than the people hosting the Blackhole toolkit trying to maintain confidence in the product or it could be the real person. There is evidence to support both theories.

In all likelihood the Blackhole toolkit will live on and updates will keep coming in or someone will create a new toolkit to replace it. This is a temporary setback at best and is actually could provoke a much more targeted response aimed at government agencies and law enforcement. The security companies will have their hands full as the community moves to address this apparent vacuum in their ecosystem.

Tell us what you think in our Forum


Last modified on Wednesday, 09 October 2013 16:10

Leave a comment

Make sure you enter all the required information, indicated by an asterisk (*). HTML code is not allowed.