‘Please confirm your U.S Airways online registration’ themed emails lead to Black Hole Exploit Kit


By Dancho Danchev

In 2012, fake flight reservation confirmations and bogus e-ticket verifications were a popular social engineering theme for cybercriminals. On numerous occasions, we intercepted related campaigns attempting to trick customers into clicking on malicious links, which ultimately exposed them to the client-side exploits served by the latest version of the Black Hole Exploit Kit.

Apparently, the click-through rates for these campaigns were good enough for cybercriminals to resume spamvertising them. In this post, I'll profile the most recently spamvertised campaign impersonating US Airways.


Spamvertised AICPA themed emails serve client-side exploits and malware


By Dancho Danchev

Certified Public Accountants (CPAs) are a common target for cybercriminals. Throughout 2012, we intercepted several campaigns directly targeting CPAs in an attempt to trick them into clicking on the malicious links found in the emails. Once they click on any of the links, they're automatically exposed to the client-side exploits served by the latest version of the Black Hole Exploit Kit.

In this post, I’ll analyze one of the most recently spamvertised campaigns impersonating the American Institute of Certified Public Accountants, also known as AICPA.


Black Hole Exploit Kit author’s ‘vertical market integration’ fuels growth in malicious Web activity


By Dancho Danchev

The historical activity of multiple cybercrime gangs and individuals has shown us that, in order to secure multiple revenue streams, they tend to operate on several fronts at once, serving customers across different cybercrime-friendly market segments.

A logical question emerges from the fact that 99% of all the spamvertised campaigns we're currently intercepting rely on the latest version of the Black Hole Exploit Kit: is Paunch, the author of the kit, multi-tasking as well? What's the overall impact of his 'vertical market integration' practices across the Web, beyond maintaining the largest market share of malicious activity among Web malware exploitation kits?

Let's find out by discussing two of his well-known revenue sources and sampling a campaign that relies on the managed iFrame/JavaScript crypting/obfuscating service he also operates.


Fake ‘You have made an Ebay purchase’ themed emails lead to client-side exploits and malware


By Dancho Danchev

Over the past 24 hours, cybercriminals have launched yet another massive spam campaign, this time impersonating both eBay and PayPal, in an attempt to trick their users into clicking on links in the malicious emails that serve client-side exploits and malware.


‘Attention! Changes in the bank reports!’ themed emails lead to Black Hole Exploit Kit


By Dancho Danchev

Cybercriminals are currently spamvertising tens of thousands of emails impersonating the recipients' bank, tricking them into thinking that the Ministry of Finance in their country has introduced new record-keeping rules, and that they need to print and sign a non-existent document.

Once users click on the links found in the malicious emails, they’re automatically exposed to the client-side exploits served by the latest version of the Black Hole Exploit Kit.


Fake BBB (Better Business Bureau) Notifications lead to Black Hole Exploit Kit


By Dancho Danchev

Cybercriminals have recently launched yet another massive spam campaign, impersonating a brand that features in a sizeable share of social engineering driven email campaigns: the BBB (Better Business Bureau).

Once users click on any of the links in the malicious emails, they're automatically exposed to the client-side exploits served by the Black Hole Exploit Kit.


Spamvertised ‘Your Recent eBill from Verizon Wireless’ themed emails serve client-side exploits and malware


By Dancho Danchev

Throughout 2012, we intercepted two malicious campaigns impersonating Verizon Wireless in an attempt to trick its customers into clicking on links pointing to fake eBills.

It appears that cybercriminals are back in the game with yet another Verizon Wireless themed malicious campaign, enticing users to click on the malicious link found in the email. Once users click on the link, they're automatically exposed to the client-side exploits served by the latest version of the Black Hole Exploit Kit.


Fake ‘UPS Delivery Confirmation Failed’ themed emails lead to Black Hole Exploit Kit


By Dancho Danchev

Continuing their well-proven social engineering tactic of impersonating market-leading courier services, cybercriminals are currently mass mailing tens of thousands of emails impersonating UPS, in an attempt to trick users into clicking on the malicious links found in the legitimate-looking emails.

Once they click on the links, they're automatically exposed to the client-side exploits served by the Black Hole Exploit Kit.


Fake ‘Citi Account Alert’ themed emails lead to Black Hole Exploit Kit


By Dancho Danchev

Cybercriminals are currently mass mailing hundreds of thousands of emails impersonating Citi, using two different professional-looking email templates. Upon clicking on any of the links found in the malicious emails, users are exposed to the client-side exploits served by the latest version of the Black Hole Exploit Kit.


Malicious ‘Sendspace File Delivery Notifications’ lead to Black Hole Exploit Kit


By Dancho Danchev

Cybercriminals are currently attempting to trick hundreds of thousands of users into clicking on the malicious links found in the currently spamvertised bogus 'Sendspace File Delivery Notifications'.

Upon clicking on any of the links found in the email, users are exposed to the client-side exploits served by the latest version of the Black Hole Exploit Kit.
