Spammers exploit confusion over revoked SSL certificates

It was only a matter of time until cyber crooks would begin taking advantage of the DigiNotar breach and the news of the revocation of many of its certificates to trick users into downloading malware.

The latest spam campaign spotted by Barracuda targets the customers of the Royal Bank of Canada, and the email sent to them contain “Your digital certificate has expired!” in the subject line and a spoofed From field (click on the screenshot to enlarge it):

The second link in the message takes the victims to a website hosting the Blackhole exploit kit, which immediately starts doing its thing.

If successful in exploiting one of the many vulnerabilities it targets, the victims’ computer is infected with the Buzus Trojan – an information-stealing piece of malware that tries to steal login credentials to various online services and communities and sets up a backdoor through which the criminals will be able to control the computer from a remote location.