LinkedIn Emails lead to BlackHole

Thursday, November 1, 2012 @ 03:11 PM gHale

One solid way to draw victims to a website infested with the BlackHole exploit kit is to send them a confusing email that urges them to click on a link or open an attachment. It works.

One of the latest plots is fairly simple. The cyber criminals send out fake LinkedIn emails entitled “Your photos” in an attempt to trick users into opening an attached .htm file, said researchers at Sophos.

The notification reads: “Hi, I have attached your photos to the mail (Open with Internet Explorer).”

Once the file, called “Image_DIG[random number].htm” is opened, a “please wait a moment” message is displayed.

Meanwhile, in the background, the victim is redirected to a BlackHole exploit website designed to serve malware.

Depending on which antivirus product is on the computer, the malicious .htm file is detected as Mal/JSRedir-M.

One thing to keep in mind is LinkedIn never attaches files to notifications.
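
A mail-filter check built from the indicators in this article (the “Your photos” subject, the “Image_DIG[random number].htm” attachment name, and the fact that LinkedIn notifications carry no attachments). This is an added example, not code from Sophos or from the article; the function names, addresses and sample messages are constructed for illustration.

```python
import re
from email import message_from_bytes, policy
from email.message import EmailMessage

# Attachment name from the article: "Image_DIG[random number].htm"
LURE_NAME = re.compile(r"^Image_DIG\d+\.html?$", re.IGNORECASE)


def check_message(raw: bytes) -> list:
    """Return the reasons a raw RFC 5322 message matches this lure."""
    msg = message_from_bytes(raw, policy=policy.default)
    sender = str(msg.get("From", "")).lower()
    subject = str(msg.get("Subject", "")).strip().lower()
    # Non-multipart messages simply yield no attachments here.
    names = [part.get_filename() or "" for part in msg.iter_attachments()]
    reasons = []
    # LinkedIn never attaches files to notifications.
    if "linkedin" in sender and names:
        reasons.append("claims to be LinkedIn but carries an attachment")
    # Subject used by the campaign, combined with an HTML attachment.
    if subject == "your photos" and any(
        n.lower().endswith((".htm", ".html")) for n in names
    ):
        reasons.append('"Your photos" subject with an HTML attachment')
    reasons += [f"lure filename: {n}" for n in names if LURE_NAME.match(n)]
    return reasons


def build_sample(attach: bool) -> bytes:
    """Constructed test message; addresses and body are made up."""
    msg = EmailMessage()
    msg["From"] = "LinkedIn <notification@example.com>"
    msg["To"] = "user@example.org"
    msg["Subject"] = "Your photos" if attach else "You have a new connection"
    msg.set_content("Hi, I have attached your photos to the mail.")
    if attach:
        # Harmless placeholder body standing in for the redirecting .htm file.
        msg.add_attachment("<html><body>please wait a moment</body></html>",
                           subtype="html", filename="Image_DIG48213.htm")
    return msg.as_bytes()


if __name__ == "__main__":
    for label, raw in (("lure", build_sample(True)), ("benign", build_sample(False))):
        print(label, check_message(raw))
```

The sender check matches on the display name only, so it flags any attachment-bearing message that claims to be LinkedIn regardless of the actual sending domain.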
