BlackEnergy malware was first reported in 2007 as an HTTP-based toolkit that generated bots to execute distributed denial-of-service attacks.
The attack is distributed via a Word document or PowerPoint attachment in an email, luring victims into clicking the seemingly legitimate file.
[6] BlackEnergy can be detected using the YARA signatures provided by the United States Department of Homeland Security (DHS).
As an update on BlackEnergy 1, it combines older rootkit source code with new functions for unpacking and injecting modules into user processes.
The changes simplified the malware code: this version's installer drops the main dynamically linked library (DLL) component directly to the local application data folder.
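A triage check for the drop location described above, as an added example that is not from the original page or from DHS: it lists files sitting directly in a local application data folder whose PE header marks them as DLLs, regardless of file extension. The premise that a DLL in the folder root warrants review is an assumption, and the function names and sample files are constructed for illustration.

```python
import os
import struct
import tempfile

IMAGE_FILE_DLL = 0x2000  # COFF Characteristics bit set for DLL images


def is_pe_dll(path):
    """Return True if the file is a PE image with the DLL characteristic set."""
    try:
        with open(path, "rb") as f:
            head = f.read(4096)
    except OSError:
        return False
    if len(head) < 0x40 or head[:2] != b"MZ":
        return False
    (pe_off,) = struct.unpack_from("<I", head, 0x3C)  # e_lfanew
    if pe_off + 24 > len(head) or head[pe_off:pe_off + 4] != b"PE\0\0":
        return False
    # COFF header follows the 4-byte signature; Characteristics is at offset 18
    (chars,) = struct.unpack_from("<H", head, pe_off + 4 + 18)
    return bool(chars & IMAGE_FILE_DLL)


def dlls_in_root(local_appdata):
    """Names of PE DLLs directly in the folder root (no recursion), by content."""
    with os.scandir(local_appdata) as entries:
        return sorted(e.name for e in entries
                      if e.is_file(follow_symlinks=False) and is_pe_dll(e.path))


def make_pe(characteristics):
    """Constructed minimal bytes: DOS header, PE signature, COFF header."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    coff = struct.pack("<HHIIIHH", 0x14C, 0, 0, 0, 0, 0, characteristics)
    return dos + b"PE\0\0" + coff


def demo():
    """Build a constructed folder tree and return what the check flags."""
    with tempfile.TemporaryDirectory() as root:
        os.mkdir(os.path.join(root, "Vendor"))
        samples = {"update.dat": make_pe(0x2102),   # DLL behind a data extension
                   "helper.dll": make_pe(0x2102),
                   "tool.exe": make_pe(0x0102),     # executable, DLL bit clear
                   "notes.dll": b"plain text",      # .dll name, not a PE
                   os.path.join("Vendor", "lib.dll"): make_pe(0x2102)}
        for name, data in samples.items():
            with open(os.path.join(root, name), "wb") as f:
                f.write(data)
        return dlls_in_root(root)
```

On a live Windows host, pass `os.environ["LOCALAPPDATA"]` (or each profile's `AppData\Local` path) to `dlls_in_root` and review the results alongside signature and YARA checks.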