
Don't Let Your Users Get Sucked into the Blackhole! Cerberus Sentinel Blog

Over the past month, TRUE NSM analysts have observed a significant increase in the number of corporate web users being attacked by the Blackhole Exploit Kit. The rate of reported incidents involving this malware is now close to two per day. The Blackhole exploit kit targets vulnerabilities in out-of-date Java and Adobe Reader software. A cursory examination of a few of the deobfuscated JavaScript files delivered to users by Blackhole also shows evidence that Adobe Flash is being targeted, and perhaps even a few Microsoft vulnerabilities by way of the Windows Media Player ActiveX control.

So what can corporate IT security administrators do to prevent this attack? There are several options. First, you can make sure that the Adobe Reader, Flash, and Java Runtime software on all of your client computers is being updated on a regular basis. This option is much easier said than done once you have more than a dozen PCs to worry about. There are some corporate systems management suites (e.g., LANDesk, Microsoft System Center Configuration Manager) that could help manage this problem, but they are far from easy to install and wield properly.

The second option is to disallow use of all of this software in the first place. Unfortunately, in the modern corporate world all three of these applications are nearly essential to conduct business. Flash and Java are perhaps slightly less essential than Adobe Reader, but there are quite a few legitimate business-related websites that fail miserably if either of these software packages is missing.

The third option is probably the best: install a web filter that blocks Flash and Java except from white-listed websites. Unfortunately, installing a web filter usually requires a bit of a culture change and, for reasons I can't understand, corporate legal counsels are all too often scared of approving its use.
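The decision a filter of this kind makes for each response can be sketched as follows. This is an added example, not code from the original post or from any web filter product; the allow-listed hostnames, the sample URLs, and the function names are constructed assumptions.

```python
from urllib.parse import urlsplit

# Constructed allow-list; replace with the sites your business actually needs.
ALLOWED_SITES = {"training.example.com", "example.org"}

# MIME types and file extensions commonly used for Flash and Java content.
BLOCKED_TYPES = {
    "application/x-shockwave-flash",
    "application/java-archive",
    "application/x-java-archive",
    "application/x-java-applet",
    "application/java-vm",
    "application/x-java-vm",
}
BLOCKED_EXTENSIONS = (".swf", ".jar", ".class")


def host_is_allowed(host):
    """True if host equals an allow-listed site or is a subdomain of one.

    The leading dot in the suffix check stops 'notexample.org' from
    matching the allow-listed 'example.org'.
    """
    host = host.lower().rstrip(".")
    return any(host == s or host.endswith("." + s) for s in ALLOWED_SITES)


def is_plugin_content(path, content_type):
    """Flag by Content-Type or by extension, since either can be misreported."""
    # Drop parameters such as ';version=1.5' before comparing.
    mime = (content_type or "").split(";", 1)[0].strip().lower()
    return mime in BLOCKED_TYPES or path.lower().endswith(BLOCKED_EXTENSIONS)


def decide(url, content_type):
    """Return 'allow' or 'block' for one proxied response."""
    parts = urlsplit(url)
    if not is_plugin_content(parts.path, content_type):
        return "allow"
    return "allow" if host_is_allowed(parts.hostname or "") else "block"
```

Checking both the declared content type and the file extension matters because a server delivering plugin content is free to mislabel one of them.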

Anybody have other suggestions on how to attack this problem?
