One recent study estimated that unpatched Java installations were responsible for 60 percent of successful Blackhole exploits. Researchers detected the toolkit targeting a Java zero-day vulnerability in January, but automated attack toolkits typically target older flaws. Blackhole is constantly changing, but security researchers say it is responsible for targeting at least three or more Java vulnerabilities.
The kit has been seen exploiting five or more Adobe .PDF exploits and serves up exploit Adobe Flash files. Thirty percent of the malware samples analyzed by managed security services provider Solutionary were traced back to Blackhole. Solutionary said exploit kits like Blackhole are successful because users constantly fail to patch their systems and browser components.