clock menu more-arrow no yes

Filed under:

Inside a $2.3 million criminal exploit business

New, 6 comments
wget stock 1020
wget stock 1020

In October, Russian police announced they'd arrested the creator of the infamous "Blackhole" exploit kit, a readymade hacking tool that offered buyers an easy way to install web-based malware in exchange for $500 to $700 a month. Today, security writer Brian Krebs takes a closer look at the man behind the kit, a portly 27-year-old Russian national who went by the alias "Paunch."

One exploit kit rented for $10,000 a month

Tracking Paunch's online footprint, Krebs sees him amassing millions from over a thousand customers, aided in part by a more sophisticated "Cool exploit kit" that rented for $10,000 a month. That money was spent on creature comforts like a Porsche Cayenne that Paunch shows off in one photo, but also more exploits, dug up from the seedier corners of the security community. By the end, Paunch was spending a whopping $450,000 for unpublished exploits, desperate to give his customers new ways to crack the ever-evolving security of web browsers.

While Paunch walked away with $2.3 millions, Krebs points out that the total damage is likely much higher, since Paunch's customers used his exploit kit to power banking Trojans like Zeus and Citadel that target small business and consumer accounts. "I would argue that Blackhole was perhaps the most important driving force behind an explosion of cyber fraud over the past three years," Krebs writes. Hopefully, now that Black Hole is being dismantled, we'll begin to see less of the fraud that was so lucrative for Paunch.