Blackhole was a very popular and preferred exploit kit from about 2010 until October of 2013, when its alleged creator, Paunch, was arrested in Russia. Since his arrest, Blackhole EK has sharply declined in use and popularity because its modules haven’t been updated with exploits targeting new vulnerabilities. It was thought to be the end of Blackhole until security firm Malwarebytes noticed a resurfacing of what appeared to be Blackhole EK in drive-by download attacks exploiting Java and PDF vulnerabilities. A significant increase in Blackhole activity is unlikely, however, as it is probable that the recent sightings were the result of an author simply using the Blackhole EK source code.

  • More details on the recent Blackhole EK activity are available from Malwarebytes.

One example of the Blackhole EK. Image Source: Malwarebytes