Pastry lovers served with ransomware via exploit kit
Posted on 23.02.2012
French cake and pastry lovers have been targeted by cyber crooks as the website of the famous confectionery company Laduree has been compromised and found serving ransomware.

The site (at has been modified to redirect users to another site hosting the BlackHole exploit kit. Once it took advantage of vulnerabilities on the visitors' computer, it would saddle the machine with the ransomware, which would promptly block it and display a fake notification from the French Police:

The message said that the users' computer was blocked because it was sending out spam and pornographic images and because the users were making illegal downloads. In order to get it unblocked, they would have to pay 200 euros via Ukash or Paysafecard.

According to Trend Micro researchers, the ransomware in question is the same one that was recently made to impersonate the Italian police and a number of European police agencies, making researchers believe that the same gang is behind all of these attacks.

"We noticed that the domain name of the URL used to host the exploit kit has been suspended," say the researchers. "Based on the logs, it was created on February 9, 2012 and last updated on February 14. The domainís registrant shows a .ru email address which might help in identifying a possible suspect, but this might just be a compromised email account."

It is interesting to note that this particular piece of malware is also capable of stealing login credentials for email accounts, social networks, poker sites, FTP servers, remote desktop software and more.


What's the real cost of a security breach?

The majority of business decision makers admit that their organisation will suffer an information security breach and that the cost of recovery could start from around $1 million.

Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.

Daily digest

Receive a daily digest of the latest security news.

Thu, Feb 11th