Confirmed: Alleged Blackhole Exploit Kit Author Arrested In Russia

A man alleged to be the author of the virulent exploit kit Blackhole has been arrested, leaving the security community celebrating a big success for law enforcement in the fight against cyber crime.

Yesterday Maarten Boone, a security researcher at Dutch firm Fox-IT, claimed the Blackhole creator known as ‘Paunch’ had been arrested in Russia. Research from Sophos last year had concluded the software, which throws exploit code at machines in the hope of infecting them with whatever malware the attacker chooses, was written in Russia.

But Troels Oerting, head of the European Cybercrime Centre, an arm of Europol, confirmed to TechWeekEurope an arrest had been made and details came through to his organisation yesterday.

“I know it is true, we got some information, but I cannot say anymore,” Oerting told TechWeek. He said he could not reveal any more on the nature of the arrest.

Blackhole exploits set to be dampened

Malwarebytes said it had seen some “corroborating events in the wild” that suggested the arrest had taken place, as crypt.am, which was used to encrypt the exploit kit, had been taken down.

Another researcher known as Kafeine pointed out that the malicious Java applet used by Blackhole had not been updated in four days, whereas before it was being updated daily.

With no one to update the kit, its payload could become less effective. Smarter users with coding skills could make alterations themselves, however.

Many now expect other exploit kits, such as Styx, to see a rise in uptake. It remains to be seen if the Cool exploit kit will see a drop-off in use, as security experts told TechWeek it was also created by Paunch.

“If the rumours of the Blackhole exploit kit author’s arrest are true, then this is a welcomed victory for internet users. Any move to address the threat posed by exploit kits such as Blackhole is fantastic,” Carl Leonard, of Websense Security Labs, told TechWeek.

“Whilst the arrests would be significant, due to the Blackhole exploit kit being by far the most popular web-based exploit kit in the underground market to date, there are still many functioning kits out there compromising machines and stealing data all over the world. Businesses will continue to face serious problems from this kind of activity, despite the alleged arrests, and must be mindful of the continued threat these kits possess.”

Thomas Brewster

Tom Brewster is TechWeek Europe's Security Correspondent. He has also been named BT Information Security Journalist of the Year in 2012 and 2013.