AVG’s new report investigates a number of malicious software developments including the newly launched 2.0 version of the Blackhole Exploit Toolkit, the evolution in malware targeting mobile banking services, a surge in malicious ads targeting social network users and a trick to hide malware inside image files.


‘Commercial’ toolkit, Blackhole, continues to lead with 63 percent malware market share and almost 76 percent share of the toolkits market. With the ‘release’ of the Blackhole Exploit Toolkit 2.0 in September, it has increased its threat capabilities significantly and is set to grow its market share and impact even further.

We can expect to see an upsurge in large scale attacks that will likely be more aggressive as a result of the new evasion techniques introduced in this latest version.

Prior to this in August, AVG Threat Labs identified an explosion of Blackhole attacks that targeted key social networks including Facebook and left users unable to log-on to their accounts or access any games or apps. Cybercriminals coordinated the attacks from multiple external advertising servers, which generated an exceptional increase from 250,000 attacks initially to over 1.6m recorded events within an eight hour period.

“Blackhole is a sophisticated and powerful exploit kit, mainly because it is polymorphic and its code is heavily obfuscated to evade detection by anti-virus solutions. The rapid update capabilities of the kit have also made it challenging for traditional antivirus vendors to track, which are the main reasons it has a high success rate,” said Yuval Ben-Itzhak, Chief Technology Officer at AVG Technologies.

“Through our multi-layered security approach with real-time analysis at the endpoint, AVG has been detecting a much higher rate of Blackhole Toolkit-based attacks than other toolkits, as Blackhole’s creator seeks to stay ahead of their competition,” he added.

With the continued rapid uptake of mobile devices, mobile banking services come under the spotlight this quarter as an increasingly lucrative target for cybercriminals. ‘Traditional’ mobile monetization methods help criminals steal small amounts per victim to stay unnoticed.

With these more advanced malware, which circumvents the two-factor authentication process some banks use, criminals can empty a victim’s bank account in one go. A 2012 PriceWaterhouseCoopers’ report projected that digital banking would become the norm globally by 2015, so these attacks can only be expected to become increasingly advanced and more prevalent.

Image files are typically considered safe as they aren’t executed. However, AVG has tracked a new attack looking at how a compromised webserver can be made to execute image files. Innocent looking image files can then be used to deliver malicious payload to unsuspecting visitors to the compromised website.