Romney Emails Lead to Blackhole

Wednesday, October 17, 2012 @ 10:10 AM gHale


A new email campaign pretending to be from CNN says Mitt Romney is “almost president” and then leads to a Blackhole exploit site.

As mentioned before, cyber criminals are jumping all over the presidential election in the United States in an effort to help spread their wares.

“It’s not really surprising considering the surge in malicious activity we saw during the 2008 presidential election,” said Sophos’ Chester Wisniewski.

This year the lure has added more luster given Romney’s rise in the presidential debates. The headline, “More than 60 percent of votes will be in favor of Mitt Romney” does draw interest from readers whether it is true or not.

The format of the emails, using multiple CNN headlines, also draws in more interest as readers not following the election may select some of the other “articles.”

“Even if you decide news about the presidential election isn’t your cup of tea, all of the other tantalizing stories promoted in this email link to the same content, but not content on CNN.com,” Wisniewski said.

In this email, all roads lead to a Blackhole exploit site. But a possibly new feature is included. Wisniewski said he went to the malicious site using a PC hardened against all known Blackhole exploits, “so it resorted to social engineering to get me to infect myself. I was presented with a page that looks identical to the real Adobe Flash Player download page, except it was hosted on a virtual private server in Maryland, USA.”

This page automatically downloaded a fake Flash updater. He suspects this might be in preparation for Internet Explorer 10, which won’t allow plug-ins like Java and Flash – users may therefore be tempted to download from source. But of course, running the fake update doesn’t download Flash; it attempts to download more malware, including a version of Zeus.


