With the latest iteration of the Blackhole Exploit Kit hitting the
web this week, attackers are going to great lengths to spread around
links to get unsuspecting victims to click through to the first version
of the kit.
E-mail notifications claiming to come from Microsoft
Exchange, ADP, the Federal Deposit Insurance Corporation and other
purported “trusted sources” have been spotted this week leading web
users to pages hosting the original exploit kit.
A post by Ran Mosessco, a security analyst at Websense, on the firm’s Security Labs blog breaks down some of the deceptive emails.
A notification claiming to come from payroll services company ADP tries to trick employees into clicking through to what appears to be their Online Invoice Management account to “protect the security of [their] data.”
Elsewhere, an email disguised as a voicemail notification from Microsoft Exchange Server tries to get users to double-click a link to listen to a voicemail, and an email that appears to come from the FDIC tries to get users to follow a link to download “a new security version.”
While all these links eventually lead to pages hosting the Blackhole Exploit Kit, Mosessco writes that it likely won’t be long until they begin directing to Blackhole 2.0. The latest version of the kit surfaced online earlier this week and was updated to remove old exploits that have already been fixed. It also came with new features that make it tricky for researchers to reverse-engineer the kit.