The news that the malware creator that goes by the online handle "Paunch" has been arrested was first tweeted by Fox-IT security researcher Maarten Boone, but he couldn't offer any details.
Malwarebytes' Jerome Segura then pointed out that it just might be true, as crypt.am, a service used by Paunch to encrypt the exploit kit, was down, and another security researcher who goes by the online handle Kafeine said that the malicious Java applet used by the exploit kit has not been updated in four days - when it was previously updated once or twice per day.
The final confirmation came from a more official source. Troels Oerting, head of the Europol's European Cybercrime Centre, confirmed for Tech Week Europe that the arrest happened, but that additional information about it cannot be released for now.
"What can we expect in the next hours and days? Criminals that ‘rent’ the Blackhole exploit kit will no longer receive updates and eventually the exploit and payload are going to go stale," says Segura, and points out that those that host the exploit kit themselves could make some alterations to the kit to keep it effective - if they know how.
If someone does not take over Blackhole's development, the void will soon be filled by other exploit kits.