When we looked into the recent wave of WordPress site hacks, our investigation took two separate paths: uncovering the TimThumb vulnerability and the Black Hole Toolkit used to exploit it.
Now it is time to talk more in detail about what the Blackhole Toolkit is.
For starters, the Blackhole exploit kit is used to spreading malicious software to users through hacked legitimate sites. It was most likely made by Russia developers. The big clue for this is that operators can switch between Russia and English languages. The full version of this toolkit costs around $1500 on the black market. However, bargain hunters can find a stripped down version for the free online.
But, much more important than acquiring Blackhole is finding out how to get rid of it. More precisely, simply finding out if you have been infected. So, how can website owner recognize that his page was infected and has been blocked by an antivirus program because it is being misused as a redirector to site with Blackhole exploit kit? And how do they compromise your site?