Version 2.0 of the Blackhole exploit kit was recently introduced online -- a rough translation of the Pastebin post announcing the new version is available here.
"With BlackHole 2.0, the software has been 'rewritten from scratch,' say the unknown developers in a Russian-language release announcement on Pastebin," The H Security reports. "In their posting, they advertise new features such as temporary exploit URLs that are only valid for a few seconds, making them harder to analyse."
"The user can also designate page names in the URL that are human-readable (such as '/news/index.php') to fool browser users into believing they’re following a legitimate link," writes Ars Technica's Sean Gallagher. "This prevents security software from detecting exploits based on the signature of the source URL. And BlackHole 2.0 limits which attacks it attempts to launch against a target based on detection of which plug-ins are present, reducing the possibility that they will trigger an antivirus package watching for behaviors."
"Black Hole 2.0 also removes all of the old exploits for vulnerabilities that have been fixed -- even though those can still be useful against many users -- and includes a new batch of exploits," writes Threatpost's Dennis Fisher. "The new release also includes the ability to recognize more types of operating systems, including Windows 8 and several mobile operating systems, giving the attacker the ability to break down the amount of traffic he's getting from machines running each individual OS."
"The release also includes a spruced-up user interface -- so the tool can now be used by the less technically able criminal -- as well as a revised licensing structure that puts a greater emphasis on renting rather than buying the application," writes The Register's John Leyden. "Rental prices run from $50 a day while leasing the software for a year costs around $1,500."