What we’re doing about Blackhole, and what you can do
At SophosLabs, we track Blackhole 24/7, making sure that our generic detection and reputation filtering keep up with this changing exploit kit. Whenever Blackhole learns how to counter them, we rapidly roll out updates as needed via the cloud. We also apply cutting-edge techniques for identifying and analyzing server-side polymorphic attacks such as Blackhole.
On your end, the best defense against Blackhole is defense in depth:
1. Quickly patching operating systems and applications is always important, and it’s best to automate your patching process.
2. To reduce the attack surface, disable vulnerable systems such as Java and Flash wherever you don’t need them.
3. Block compromised legitimate websites and exploit sites through a combination of reputation filtering and content detection technologies, and use content detection to block payloads. Note that reputation filtering can often block exploit sites before content detection occurs, but it is not foolproof by itself.
4. Deter or reduce social engineering attacks that originate with spam by using up-to-date spam filters and more active user education.
5. If your endpoint security product has HIPS (host intrusion prevention system) features, use them for added protection against new or modified exploits.