Forgot your password?
Security Crime

Meet Paunch: the Accused Author of the BlackHole Exploit Kit 52

Posted by samzenpus
from the meet-and-greet dept.
tsu doh nimh writes "In early October, news leaked out of Russia that authorities there had arrested and charged the malware kingpin known as 'Paunch,' the alleged creator and distributor of the Blackhole exploit kit. Today, Russian police and computer security experts released additional details about this individual, revealing a much more vivid picture of the cybercrime underworld today. According to pictures of the guy published by Brian Krebs, if the Russian authorities are correct then his nickname is quite appropriate. Paunch allegedly made $50,000 a month selling his exploit kit, and worked with another guy to buy zero-day browser exploits. As of October 2013, the pair had budgeted $450,000 to purchase zero-days. From the story: 'The MVD estimates that Paunch and his gang earned more than 70 million rubles, or roughly USD $2.3 million. But this estimate is misleading because Blackhole was used as a means to perpetrate a vast array of cybercrimes. I would argue that Blackhole was perhaps the most important driving force behind an explosion of cyber fraud over the past three years. A majority of Paunchâ(TM)s customers were using the kit to grow botnets powered by Zeus and Citadel, banking Trojans that are typically used in cyberheists targeting consumers and small businesses.'"
This discussion has been archived. No new comments can be posted.

Meet Paunch: the Accused Author of the BlackHole Exploit Kit

Comments Filter:
  • his only fault (Score:5, Insightful)

    by gl4ss (559668) on Sunday December 08, 2013 @10:23AM (#45632457) Homepage Journal

    his only fault was that he didn't incorporate in France and didn't have NSA as a client.

    see, if you have offices and suits and your customers wear suits then the business is legit.

  • Re:I am confused. (Score:3, Insightful)

    by module0000 (882745) on Sunday December 08, 2013 @11:06AM (#45632637)

    You're not buying the skeleton of the kit - you're buying the kit equipped with the latest 0-days to be effective. The last thing you'd want to do after you pay thousands for a 0-day exploit and the kit as a payload - is give it away. Then it's in the wild and antivirus is going to protect against it.

  • Re:CHIPs? (Score:2, Insightful)

    by Anonymous Coward on Sunday December 08, 2013 @11:14AM (#45632679)

    You mean Eric Estrada was a malware kingpin?
    I don't believe it!

    How is that hard to believe? His sidekick [] was busted for stock fraud.

  • Parasites (Score:2, Insightful)

    by benjfowler (239527) on Sunday December 08, 2013 @11:29AM (#45632771)

    Goes to show what amoral shitstains these people are. He's made only a couple of million profit, by causing several orders of magnitude of damage in the process. A bit like those arseholes who steal copper cables off the train network, flog them for a few quid, but disrupt the commutes of thousands of people and rack up huge repair bills. In the animal kingdom, such entities are known as "parasites".

    Some questions have to be asked about why it took the Russian Interior Ministry so long to track Paunch and his crew down. Given Putin's "power vertical" and his penchant for interfering in the Russian judiciary and wielding it as a weapon against his perceived enemies, you have to wonder what it was all in aid of -- and what Paunch did to get himself arrested. Maybe the bribes weren't big enough?

The only thing cheaper than hardware is talk.