Spam campaign doubles on threats
Posted on 14.11.2013
Bookmark and Share
Some malware peddlers might be moving on from using the Blackhole exploit kit to deliver malicious code, but others are still not ready to give up on it, as proven by a spam campaign recently spotted by Trend Micro.


The spam email in question is a fake “You received a voice mail” notice that offers both a malicious link and a malicious attachment.

The former leads to a compromised site with malicious JavaScript set on redirect visitors to sites hosting Blackhole, but in this particular instance, the researchers couldn’t confirm the redirection chain. Nevertheless, they say that “the added content to the compromised sites…is almost identical to that used by Blackhole campaigns.”

The latter holds a variant of the Upatre Trojan, which downloads and installs a Zeus Trojan variant. As recently noted, the Upatre downloader is a favorite tool of the Cutwail botmasters, who were previously using Blackhole almost exclusively.

“Long term, it’s unclear what this indicates. It may mean that attackers are turning to another exploit kit to replace BHEK as a long-term solution, but we cannot say for sure,” the researchers concluded.

On the other hand, this malicious spam campaign might also indicate that at least some peddlers are not very prompt when it comes to reacting to changed circumstances, or do not care that much and simply choose to rely on users downloading the attached malware.









Spotlight

Nine patterns make up 92 percent of security incidents

Posted on 23 April 2014.  |  Researchers have found that 92 percent of the 100,000 security incidents analyzed over the past ten years can be traced to nine basic attack patterns that vary from industry to industry.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Thu, Apr 24th
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //