The new version has removed its store of common and patched exploits that are likely to be picked up by virus detection and security companies, replacing them with new ones. It also now offers a
random URL generation feature that creates single-use web addresses for one-off attacks, to throw security professionals off the trail and prevent downloads of the attacking software for analysis. Following the same logic, it can be configured to switch the URLs it uses for attacks on the fly, so as one gets blacklisted, another one can pick up the attack.
It also has a masking tool for making malicious URLs look innocuous, and it offers a plug-in detector to help hackers avoid virus detection software.
The announcement was posted on the underground hacker marketplace site Exploit.ln and then translated on the Malware Don’t Need Coffee weblog from the original Russian. BlackHole 2.0 is available both as a "licensed" software product and as malware-as-a-service (MaaS) delivered through the cloud by the developer of the toolkit, known as "Paunch."
According to Threatpost, a one-day MaaS rental costs just $50, while a month-long lease goes for $500. Server licenses start at $700 for three months, up to $1,500 for a full year.