October 08, 2013, 11:59 AM — Russian authorities have arrested the main developer of the notorious Blackhole exploit kit, one of the most popular attack tools used to infect Web users with malware.
The Russian Ministry of Interior did not respond to several requests for comment on Tuesday.
However, a source familiar with the investigation who requested anonymity confirmed that the creator of Blackhole, a person who uses the online identity "Paunch," has been arrested by the Russian authorities. Because the investigation is ongoing, the source declined to share additional information.
The European Cybercrime Centre (EC3) has been informed that a high-level cybercrime suspect has been arrested in Russia, Europol spokesman Soren Pedersen said Tuesday. The EC3 cannot confirm any other details including the suspect's name or his activities, and Pedersen referred all other questions to the Russian authorities.
Kaspersky's Gostev said via email that he learned about the arrest from a trusted source who also wished to remain anonymous.
The Blackhole Exploit Kit is essentially a Web application designed to exploit vulnerabilities in Web browsers or other software that's accessible from the Web through browser plug-ins, such as Java, Adobe Reader and Flash Player. Attackers redirect users from compromised websites to Blackhole landing pages hosted on malicious servers in order to install malware on computers running vulnerable software.
Blackhole has been around for years and is probably the most popular exploit kit among cybercriminals. It is sold or rented on the underground market by its creators and is frequently updated to make the exploits harder to detect.
An independent malware researcher who uses the online alias Kafeine said Monday on Twitter that the Blackhole and Cool Exploit Kit, a more expensive exploit toolkit also created by Paunch, have been frozen for over three days and haven't been updated.
There are several things that can happen to Blackhole now that its developer has been arrested, Gostev said. It can disappear, it can be replaced by other exploit kits or its development can be taken over by others. What combinations of these scenarios will happen remains to be seen, he said.