The Blackhole exploit kit, which until now required you to have a pocketful of money and enough hacker cred to get onto the sites where was available for sale, is now freely available to any and all. The exploit kit is a tool that allows misanthropes to commit a type of drive by attack, where clicking on a ‘tainted’ iframe will allow remote code execution to install a payload on your system. It was part of the famous US Postal Service attack that occurred recently as well as other incidents The Register mentions. Even better, the source code for ZeuS was also jsut made available. Patch early, patch often.
"A free version of the Blackhole exploit kit has appeared online in a development that radically reduces the entry-level costs of getting into cybercrime.
The Blackhole exploit kit, which up until now would cost around $1,500 for an annual licence, creates a handy way to plant malicious scripts on compromised websites. Surfers visiting legitimate sites can be redirected using these scripts to scareware portals on sites designed to exploit browser vulnerabilities in order to distribute banking Trojans, such as those created from the ZeuS toolkit."
Here is some more Tech News from around the web: