One Unit Runs Blackhole Spam Series

Wednesday, May 2, 2012 @ 11:05 AM gHale


A string of spam email campaigns leading to websites hosting the Blackhole exploit kit are hitting inboxes around the world in waves.

The latest and most prominent ones consisted of the fake Facebook, LinkedIn, USPS and US Airways notifications, while the last one spotted masquerades as an email from employment website CareerBuilder.com saying the recipient might find a job opening appealing.

RELATED STORIES
Social Media Alert: Fake AV Hits Twitter
Socially Engineered Emails a Threat
IT Security: Physical, not Just Cyber
McAfee: Abundant Gaps in Security

As usual, the offered link takes the recipient through a number of redirections and finally lands him on a compromised site serving the exploit kit.

These spam messages are mostly targeting U.S. users, and are often very realistic spoofs of the companies’ original and legitimate emails, according to analysis by Trend Micro researchers.

“We found clear evidence that all these attacks were linked. In many cases, the same sets of compromised URLs by multiple spam runs,” the researchers said. “This suggests that at least some of the parties responsible for these attacks were identical, if it was not the same group altogether.”

The ultimate goal of these attacks is the same: The exploit kit allows for the installation of malware — predominantly Zeus Trojan variants — onto the users’ computers.



Leave a Reply

You must be logged in to post a comment.