BlackOS
Posted: March 28, 2014
Threat Metric
The fields listed on the Threat Meter, each containing a specific value, are explained in detail below:
Threat Level: The threat level scale goes from 1 to 10 where 10 is the highest level of severity and 1 is the lowest level of severity. Each specific level is relative to the threat's consistent assessed behaviors collected from SpyHunter's risk assessment model.
Detection Count: The collective number of confirmed and suspected cases of a particular malware threat. The detection count is calculated from infected PCs retrieved from diagnostic and scan log reports generated by SpyHunter.
Volume Count: Similar to the detection count, the Volume Count is specifically based on the number of confirmed and suspected threats infecting systems on a daily basis. High volume counts usually represent a popular threat but may or may not have infected a large number of systems. High detection count threats could lie dormant and have a low volume count. The criteria for Volume Count are relative to a daily detection count.
Trend Path: The Trend Path, utilizing an up arrow, down arrow or equal symbol, represents the level of recent movement of a particular threat. Up arrows represent an increase, down arrows represent a decline and the equal symbol represents no change to a threat's recent movement.
% Impact (Last 7 Days): This demonstrates a 7-day period change in the frequency of a malware threat infecting PCs. The percentage impact correlates directly to the current Trend Path to determine a rise or decline in the percentage.
| Ranking: | 11,589 |
|---|---|
| Threat Level: | 2/10 |
| Infected PCs: | 3,710 |
| First Seen: | March 31, 2014 |
| Last Seen: | February 16, 2025 |
| OS(es) Affected: | Windows |
BlackOS is a specialized browser-redirecting toolkit used by third parties to manage some kinds of attacks and related campaigns. With an origin closely tied to previous threats, like the Kelihos botnet and the Tale of the North browser-redirecting utility, BlackOS shows all the signs of being a professionally developed and seasoned PC threat that may install threats onto your computer with few or no visible symptoms. Because signs of BlackOS's attacks are so sparse, malware researchers encourage using passive anti-malware defenses to block the exploits that may be implemented through BlackOS on corrupted or hacked websites.
Turning the Lights out on Your Browser's Security
BlackOS is a spinoff of Tale of the North, a previous program used for the same purposes: redirecting victims to unwanted websites, which usually is a technique for subjecting them to automated threat downloads. Peter Severa, who is still at large, is the original developer responsible for the first version of this black market product. He used heavy exploitation of spam e-mail messages to acquire his victims. While he no longer has any apparent relationship to BlackOS, the code between the two programs remains sufficiently similar that BlackOS may be considered an 'updated' version of the first application.
Like many other browser-redirecting PC threats, BlackOS uses iFrame exploits to redirect you to unwanted sites, which then may launch exploits to install banking Trojans, Police Trojans and other threats. However, BlackOS also has a range of other features meant to make its crimes simple to achieve:
- Using its built-in geo-tracking technology to modify its behavior for traffic from different locations.
- Uploading and automatically executing additional scripts that may perform further attacks.
- Scanning for potential website blockades that may be erected by browser security products and anti-malware suites.
- Optimizing its behavior with respect to responding to the results of major search engines.
- Processing data from separate content management systems or CMSes.
These and other features allow BlackOS to implement flexible attacks around the Web that are able to handle large amounts of traffic without strain. However, some persons pay a high price for the ability to distribute their threat easily: BlackOS costs thousands of dollars annually, and still is a triple digit number when rented by the month. These costs are similar to those of other illegal software, such as rental-based exploit kits, and any person capable of designing the software BlackOS would distribute could handle such an expense without any qualms.
Bringing Illumination to the Trouble of BlackOS Redirects
A critical part of grasping the BlackOS product's intended functionality is to understand that its browser redirects may be completely concealed from its victims. Being exposed to a threatening website, or to a website that's been hacked and had BlackOS's content injected into it, may force your browser to load other PC threats that may infect your system without any warnings. As with exploit kits and other Web-based threats, malware researchers find the strongest defense against BlackOS to be the continual use of behind-the-scenes anti-malware protection. Strong anti-malware suites that are advertised as having browser security features should be able to block domains associated with BlackOS, or, at the very least, block BlackOS's iFrame redirects.
Any possible exposure to a domain related to BlackOS may be responsible for compromising your PC and installing threatening software. The security and performance problems from such attacks are as variable as the people who may choose to hire BlackOS, but may include backdoor vulnerabilities, browser hijackings, blocked use of security software, loss of personal information and being subjected to targeted extortion. Naturally, the most trusted anti-malware tools available should be used to disinfect any PC that's been subjected to a potential brush with BlackOS, whether or not you are bothered by any obvious symptoms.