Oct 8 (Reuters) – Russian authorities have arrested a man believed to be responsible for distributing a notorious software kit known as “Blackhole” that is widely used by cyber criminals to infect PCs, according to a person familiar with the situation.
A former Russian police detective in contact with Russia’s federal government told Reuters that the suspect, who is known in hacking circles as “Paunch,” had been arrested. He provided no details.
Blackhole is a piece of malicious software that hackers install on web servers that then automatically infect personal computers when users visit a tainted site.
It contains an arsenal of tools for attacking PCs, each of which leverage vulnerabilities in computers. It probes potential victims looking for a way in, then attacks when it finds a weakness.
Once they are in, cyber criminals typically install other, more specialized programs on the computers of their victims. They include tools for engaging in identity theft and selling fake anti-virus software.
Security experts say that Blackhole’s developers regularly update the product so that customers can exploit the newest vulnerabilities uncovered in PCs. The ones most widely exploited include Microsoft Corp’s Windows and Internet Explorer, Adobe Systems Inc’s Reader and Flash, and Oracle Corp’s Java software.
Officials in Russia could not immediately be reached for comment on the arrest.
A spokesman for Europol in the Hague said that the European crime-fighting agency “had been informed that a high-level suspected cyber criminal” was arrested in Russia. He declined to elaborate.
Russian cyber criminals who confine themselves to attacking targets in other countries are rarely arrested, so the capture of Paunch was cause for some celebration among security researchers.
Not all of those arrested are ultimately convicted, however, and even some convicted of stealing millions of dollars have been released on probation.
Russia has one of the largest pools of talented hackers and an advanced underground economy that unites customers and programmers with those who control networks of compromised computers and can install new malicious programs at will.