Possible Update to the Blackhole Exploit Toolkit

Pretty much everyone is aware of the BlackHole toolkit. We previously wrote a blog that compared the prevalence of various toolkits.

At FireEye, we trigger on thousands of BlackHole events every day across our customer base. We have recently seen reports that the toolkit has been updated. The following website gives you good details about what features have been included in the new toolkit: http://malware.dontneedcoffee.com/2012/09/blackhole2.0.html.

We immediately started looking through the FireEye Malware Protection Cloud (MPC) to see if the FireEye Virtual Execution engine in our appliances had seen instances of this new toolkit. (The FireEye Virtual Execution engine is our proprietary virtual machine technology that enables us to detect threats that have never before been seen.) Websense reported finding URLs in their blog, and we found a bunch of URLs—the earliest of which was detected on September 3, 2012.
