UPDATED 04:21 EDT / OCTOBER 10 2013


Blackhole Malware Creator “Paunch” Arrested in Russia

It’s been reported that Russian authorities have arrested the individual believed to be responsible for the notorious “Blackhole” malware that’s widely used by cybercriminals around the world to infect PCs. The arrest of a “high-level suspected cyber criminal” was later confirmed by Europol, the European Union’s law enforcement agency, though it did not provide further details.

“I know it is true, we got some information, but I cannot say anymore,” said Troels Oerting, head of the European Cybercrime Centre at Europol, in an interview with TechWeekEurope, reports IBTimes UK.

The arrest was confirmed in a separate report by Reuters, which was told by a former Russian police detective that the suspect – known by his hacker nickname “Paunch” – had been detained by authorities there. Russia is of course infamous for its pool of talented hackers, not to mention its fertile underground economy that serves as the world’s chief marketplace for cybercriminals, and Paunch is known to be one of the country’s most infamous malware authors.

Paunch is believed to be the brains behind a notorious malware known as “Blackhole,” a popular malicious program used by hackers to infect PCs via hijacked servers when users visit compromised websites. Blackhole contains a wealth of hacking tools that allow cybercriminals to attack PCs by leveraging a variety of vulnerabilities found in them, but even more worrying is that the malware’s creators often update their product so that it’s capable of exploiting the most recent vulnerabilities available. These include the most recent holes in software like Microsoft’s Windows and IE, Oracle’s Java software and Adobe’s recently hacked Reader program.

Perhaps the biggest reason for Blackhole’s popularity is its price tag – speaking to investigative journalist Brian Krebs back in January, Paunch revealed that the malware can be hired by hackers for $10,000 a month. However, Computer World reports that the Blackhole exploit kit can be rented for as little as $200 a week, which means that the creators likely offer a variety of discount versions of the malware, depending on what capabilities hackers need.

Screenshot of the Blackhole exploit kit’s interface

Blackhole To Implode?


ZDnet reports that following the arrests, hackers who are currently renting Blackhole are unlikely to receive any more updates for the malware, which means that eventually “the exploit and payload are going to go stale.” It adds that there’s a chance that those hosting the kit could make alterations to the software themselves and keep it alive – if they are skilled enough – but says it’s more likely that hackers will turn to other exploit kits in the long run, if the arrest of Paunch turns out to be true.

However, not everyone agrees with this assessment. As Sean Kalinich in Decrypted Tech notes, Blackhole is ranked as the 24th most prolific hacking tool in the world, which means it’s still an extremely valuable commodity. As such, someone else from the cybercrime community, perhaps one of Paunch’s associates who slipped through the net, could easily step in to fill the breach – with people paying thousands of dollars each month to use it, Blackhole could be too tempting a business to just throw away.

Indeed, Kalinich reports there are rumors that someone has already stepped in to take over Blackhole and keep on churning out updates, though this cannot be confirmed. He also warns that it’s by no means certain that Paunch really was arrested:

“Right after some of the initial celebration a tweet emerged that claimed Paunch says “I will never go to jail! Do not worry friends”. Now this could be nothing more than the people hosting the Blackhole toolkit trying to maintain confidence in the product or it could be the real person. There is evidence to support both theories.”

Whether Paunch has been detained or not, the security threat will not go away. Either someone will step in to take over, or new exploit kits will emerge to take Blackhole’s place. Paunch’s arrest is nothing more than a temporary setback, one that will only lead to newer headaches for security firms as cybercriminals scramble to fill the void.
