To make sure they continue growing the developers behind Black Hole 2 have done some major work to the kit. They have cleaned up the interface to make it easier to track systems infected by your payload. They have also added in new features (that they are not talking about too publicly) to evade detection and to bypass security. Even the short list of features is pretty impressive and should concern… well anyone that needs to think about security on their systems and network, oh wait that is everyone.
One of the new improvements was very interesting to us “update machine stats to include Windows 8 and mobile devices”. We have been discussing Microsoft’s new OS from many different angles and one of the most concerning has been security. To see a new Exploit Kit drop onto the scene more than a month before the launch of the new OS is a little frightening as is the appearance of methods to track mobile devices. From what we have been able to find out they are not limiting this to a single mobile OS. It looks like there are exploits out there for just about all of them. This means that Windows RT could be and most likely is vulnerable as well. We already know that the version of Flash that is currently bundled with Modern UI version of IE 10 has several vulnerabilities that Microsoft was originally not patching until after the official launch. Thankfully they have changed their mind and plan a fix for IE 10 sooner rather than later.
Even without worrying about vulnerabilities in Windows 8, Windows RT and WP8 there is a problem with mobile malware that is growing exponentially. We are not just talking about the malware being presented in the Play Store, but also newer exploits that are getting into mobile systems through infected sites (which is what Black Hole is for). As more people are using their mobile devices to browse the internet we expect to see a spike in infections that did not come from a poisoned app over in the next year. For the last few years the mobile world has enjoyed a quiet time that is fast coming to a close. You can expect to see malware, viruses, Trojans, keyloggers and worse being released for mobile operating systems. The industry and consumers have all become too complacent over the last few years, while the carriers and phone makers need to track, catalog and document everything we do on our devices has made breaking into these products a money making proposition. The security research companies, phone makers and of course the guys that write the operating systems had better change direction very quickly or we will be looking at some very nasty malware outbreaks on our new mobile toys.
Discuss this in our Forum