Active Exploit Kits and their Evolution From Blackhole to Fallout and Spelevo Purple Fox Lord

In 2010 the crimeware scene became more profitable then ever and where as the main malware being used to generate revenue was FakeAV and scareware. It wasn’t as easy to infect a host until Paunch hit the scene and developed a way to use publicly available exploits as well as buying 0day exploits on the black market that he packaged up into a PHP file. Once a user visited a compromised site or clicked a direct link this package (exploit kit) would either deliver a shotgun blast of exploits or query the users browser for version information before attempting to exploit the host and if not vulnerable shutting down. The man responsible for creating this ingenous way of infecting hosts is known as Paunch.

Paunch—the hacker-handle of Dmitry Fedotov—and his ring of cyber-gang members will all serve anywhere from five and a half to eight years, with Paunch himself drawing seven. Russian news agency TASS said that one confederate, Vladimir Popov Artem Palchevsky, remains at large and was convicted in absentia.

The ring was convicted of “causing 25 million rubles in damage, by breaking into several bank websites, illegally accessing protected information and stealing funds from legal entities and entrepreneurs,” according to Sophos—which is about $750,000 in 2013 exchange rate values.

During Paunch’s reign in the early 2010’s he was credited with creating the original blackhole exploit kit and as many as 10 other variants such as Cool exploit kit and Sweet Orange.

After Paunch and his crimeware team were arrested in 2013 the exploit kit business faded away with a few stragglers sticking around such as RIG which has lastest longer then any other EK crimeware group’s kit – mostly because it has been very unsuccessful in compromising hosts over the years using a very limited and out dated CVE list.


Currently Active (or suspected active exploit kits as of April 2020)

Please follow and like us: