File:BH LMC.png - Wikipedia, the free encyclopedia

A malware mastermind may have been arrested in Russia

Shares

The co-creator of the most ubiquitous malware kit in use today has been arrested, according to the Russian police.

“Paunch,” one of the black hat hackers behind “Blackhole,” was taken into custody, a former Russian police detective told Reuters.

Blackhole, though in decline of late due to competition from other products, is still among the most popular illegal software products available. In 2011, more than half of all malware attacks were so-called “drive by” attacks, and 31 percent of those were conducted using Blackhole. It is designed to deploy a payload from a compromised website, to which a target is led either by redirection or email link.

Once on the site, hidden JavaScript scans the target and determines which exploits, or exploitable weaknesses, the computer carries. It then injects the malware payload into the computer via one of those exploits, then proceeds to siphon off personal information.

A Europol spokesperson told Reuters only that it "had been informed that a high-level suspected cyber criminal" had been arrested in Russia.

Russia may have the biggest population of for-hire hackers in the world. They have been responsible for the largest botnet-perpetrated frauds in history and have even begun to utilize old Soviet-era domains to enable their activities. However, as Reuters notes, they are rarely arrested and even those few who are are rarely convicted.

There's strong evidence Paunch and the person arrested in Russia is the same person. The malicious Java applet the toolkit uses, and which, as ZDNet notes, is usually updated once or twice a day has not been for the last four days. Additionally, a Russian encryption service the Blackhole creators use to encrypt the kit has been offline since the first public mention of the arrest by Dutch security researcher Maarten Boone.

H/T Ars Technica | Photo via Wikimedia