Skip to content ↓ | Skip to navigation ↓

Reports have it that the notorious Russian hacker and malware developer known as “Paunch” and some of his associates have been arrested, though few details have been released, and Russian authorities have not yet confirmed the reports.

The news was proffered by FoxIT’s Maarten Boone in a Tweet early this morning and reported by Softpedia.

“Paunch the nickname of a Russian hacker who for the past few years has sold the wildly popular Blackhole exploit kit, a crimeware package designed to be stitched into hacked or malicious sites and foist browser exploits on visitors,” wrote Brian Krebs of KrebsOnSecurity of the notorious malware developer back in August of this year.

Late this summer, Tweets were sent to multiple security researchers from someone using the Twitter handle “Paunchbighecker,” but it was unclear if there was any connection to the Russian Hacker Paunch or if another party merely incorporated the name in order to draw attention.

“The link that Paunchbighecker sent to researchers displays what appears to be the back-end administrative panel for a Nuclear Pack exploit kit. In fact, the landing page was a fake merely made to look like a Nuclear pack statistics panel. Rather, embedded inside the page itself is a series of active Java exploits,” Krebs wrote at the time.

This lead to speculation that the malicious messages may have been an attack designed to infect the systems of the targeted researchers or others who may have noticed the Tweets, though due to the fact that infection would have required that additional steps be taken, it was determined to not be aimed at pwning visitors to the site.

“Security researcher Kafeine said he does not believe this was an attack against security researchers, but rather an intentional leak of badguy credentials. Furthermore, Kafeine notes that visitors to the site link in the Twitter messages would have to take an additional step in order to infect their own computers,” Krebs said.