Chrome Wards Off BlackHole

Monday, December 10, 2012 @ 04:12 PM gHale


The BlackHole exploit kit is very powerful and has withstood the test of time, with new iterations coming out periodically. What is interesting is that Chrome seems to be the silver bullet against the notorious exploit kit.

When victims click on links that point to BlackHole-infested websites, they’re presented with a “loading” or a “please wait” message, while in the background they are redirected to the exploit pages that infect their computers with a piece of malware.


That is what happens, though, when the victim uses browsers such as Internet Explorer or Firefox, said researchers at security firm Blue Coat.

During the attack, when users end up redirected to the exploit pages, a script checks the user agent to identify which browser is in play.

If the script detects Chrome, the victim does not go to the BlackHole page. Instead, the victim is sent to another malicious webpage that urges them to install a rogue Chrome update.

This happens because BlackHole uses vulnerabilities in popular applications – such as Adobe Reader, Java and the browser itself – to push malware onto the victim’s device. However, Chrome renders PDF files using its built-in reader and asks users for permission before running a Java applet, so BlackHole cannot succeed in its malicious task.
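For defenders, the browser-dependent branching described above leaves a trace in web proxy logs: one referring page sends Chrome visitors to a different host than Internet Explorer or Firefox visitors. The following is an added example, not code from Blue Coat or the original article; the record layout, host names and function names are assumptions constructed for illustration.

```python
from collections import defaultdict
from urllib.parse import urlparse

# Constructed proxy records: (User-Agent, Referer, requested URL).
# Hosts use the reserved .example TLD and are placeholders.
FF = "Mozilla/5.0 (Windows NT 6.1; rv:17.0) Gecko/20100101 Firefox/17.0"
IE = "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)"
CH = ("Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.11 (KHTML, like Gecko) "
      "Chrome/23.0.1271.95 Safari/537.11")
SAMPLE = [
    (FF, "http://landing.example/wait.html", "http://kit.example/main.php"),
    (IE, "http://landing.example/wait.html", "http://kit.example/main.php"),
    (CH, "http://landing.example/wait.html", "http://update.example/chrome.html"),
    (FF, "http://news.example/story", "http://cdn.example/app.js"),
    (CH, "http://news.example/story", "http://cdn.example/app.js"),
    (CH, "", "http://search.example/"),  # no referer: ignored
]

def browser_family(ua):
    # Test Chrome first: its User-Agent also contains "Safari".
    for token, family in (("Chrome/", "chrome"), ("MSIE", "ie"), ("Firefox/", "firefox")):
        if token in ua:
            return family
    return "other"

def find_ua_split_pages(records):
    """Return referring pages whose Chrome visitors are sent to hosts
    that no other browser family is sent to, with the hosts per family."""
    dests = defaultdict(lambda: defaultdict(set))
    for ua, referer, url in records:
        ref_host, dst_host = urlparse(referer).hostname, urlparse(url).hostname
        if not ref_host or not dst_host or ref_host == dst_host:
            continue  # skip direct visits and same-site navigation
        dests[referer][browser_family(ua)].add(dst_host)
    flagged = {}
    for referer, by_family in dests.items():
        chrome = by_family.get("chrome", set())
        others = set().union(*(h for f, h in by_family.items() if f != "chrome"))
        if chrome and others and chrome.isdisjoint(others):
            flagged[referer] = {f: sorted(h) for f, h in by_family.items()}
    return flagged

if __name__ == "__main__":
    for page, split in find_ua_split_pages(SAMPLE).items():
        print(page, split)
```

A flagged page is a triage lead rather than a verdict, since some legitimate sites also route visitors by browser.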


