Just a couple of weeks after the source code for the Zeus crimeware kit turned up on the Web, the Black Hole exploit kit now appears to be available for download for free, as well.



From ThreatPost:

The Black Hole exploit kit is somewhat newer and less well-known than attack toolkits such as Zeus and Eleonore, but it has been used by attackers for major Web-based attacks for the last few months. Researchers have found that thousands of URLs have been infected with Black Hole exploit code, which is then used to infect site visitors via drive-by downloads. Kits such as Black Hole and Zeus typically will sell for upwards of $1,000 for an annual license, and some of them also give buyers the option to add extra modules and exploits for additional fees.

Now, bargain-hunting attackers can avoid paying the high prices the Black Hole creators are charging for the kit and simply download it for free. Like the leak of the Zeus source code, the availability of Black Hole for free does not bode well for site owners and defenders. Sophisticated attack tools are becoming more and more prevalent and the ease of use that some of these toolkits have makes them usable for a much broader audience than was ever the case in the past, with many of them being basically point-and-shoot toolkits.

  Black Hole Exploit Kit Available for Free