Bogus Apple invoice leads to Blackhole, banking malware
Posted on 23.11.2012
If you receive an invoice seemingly coming from Apple that apparently shows that your credit card has been billed for $699,99 (or a similarly preposterous amount of money) because you bought a postcard, don't click on any of the embedded links, no matter how curious or alarmed you are.

The bogus invoice looks good enough to fool many.

"The link 'View/Download' ends in download.jpg.exe, while the 'Cancel' and 'Not your order' URLs end in check.php," shares Graham Cluley. "The smart social engineering bit is that, whether you are simply curious what this is about or furious about this unauthorized charge, you are still likely to click one of the links."

A click on the former link will automatically download the malware, while a click on the latter ones will take the victims to a bogus IRS page warning them that they are using an unsupported browser.

But this is simply a smokescreen designed to puzzle the user while the Blackhole exploit kit works furiously in the background, trying to exploit a host of Oracle Java, Adobe Flash Player and Adobe Reader vulnerabilities.

If it succeeds, the victims' computer is infected with a variant of the Zeus / Zbot banking Trojan. If not, they are offered a download of the latest version of their browser. The offered file is named update.exe and is also a Zeus Trojan variant.
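The two tricks described above, a double extension (download.jpg.exe) hiding an executable and plausible link text ("Cancel", "Not your order") pointing away from the purported sender's domain, can be flagged mechanically before anyone clicks. The following is an added example, not code from the original article or from any vendor: it extracts the links from a constructed HTML mail body (the hostname is a placeholder) and reports each suspicious one with its reasons.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample invoice e-mail body; "phish-host.invalid" is a placeholder, not a real host.
SAMPLE_HTML = """
<a href="http://phish-host.invalid/download.jpg.exe">View/Download</a>
<a href="http://phish-host.invalid/check.php">Cancel</a>
<a href="http://phish-host.invalid/check.php">Not your order</a>
<a href="https://www.apple.com/support/">Apple Support</a>
"""

EXEC_EXT = {"exe", "scr", "com", "pif", "bat", "cmd"}          # native executables
DECOY_EXT = {"jpg", "jpeg", "png", "gif", "pdf", "doc", "txt"}  # harmless-looking disguises

class LinkExtractor(HTMLParser):
    """Collects (href, anchor text) pairs from an HTML body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def link_findings(href, text, claimed_domain="apple.com"):
    """Reasons a link in a mail claiming to come from claimed_domain is suspicious."""
    parsed = urlparse(href)
    filename = parsed.path.rsplit("/", 1)[-1].lower()
    exts = filename.split(".")[1:]          # "download.jpg.exe" -> ["jpg", "exe"]
    reasons = []
    if exts and exts[-1] in EXEC_EXT:
        reasons.append("executable download: " + filename)
        if len(exts) >= 2 and exts[-2] in DECOY_EXT:
            reasons.append("double extension disguises executable as ." + exts[-2])
    host = (parsed.hostname or "").lower()
    if host != claimed_domain and not host.endswith("." + claimed_domain):
        reasons.append(f"'{text}' points off {claimed_domain} to {host or '<no host>'}")
    return reasons

def scan_html(html, claimed_domain="apple.com"):
    """Return [(href, text, reasons)] for every link with at least one finding."""
    extractor = LinkExtractor()
    extractor.feed(html)
    found = [(h, t, link_findings(h, t, claimed_domain)) for h, t in extractor.links]
    return [f for f in found if f[2]]
```

Run `scan_html(SAMPLE_HTML)`: the three links to the placeholder host are reported, the genuine apple.com link is not, and a bare update.exe offered as a "browser update" would be caught by the executable check alone.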


MagSpoof: A device that spoofs credit cards, disables chip-and-PIN protection

The device can wirelessly spoof credit cards/magstripes, disable chip-and-PIN protection, and predict the credit card number and expiration date of Amex cards after they have reported stolen or lost.

Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.

Daily digest

Receive a daily digest of the latest security news.

Thu, Nov 26th