The site (at laduree.fr) has been modified to redirect users to another site hosting the BlackHole exploit kit. Once it took advantage of vulnerabilities on the visitors' computer, it would saddle the machine with the ransomware, which would promptly block it and display a fake notification from the French Police:
The message said that the users' computer was blocked because it was sending out spam and pornographic images and because the users were making illegal downloads. In order to get it unblocked, they would have to pay 200 euros via Ukash or Paysafecard.
According to Trend Micro researchers, the ransomware in question is the same one that was recently made to impersonate the Italian police and a number of European police agencies, making researchers believe that the same gang is behind all of these attacks.
"We noticed that the domain name of the URL used to host the exploit kit has been suspended," say the researchers. "Based on the logs, it was created on February 9, 2012 and last updated on February 14. The domain’s registrant shows a .ru email address which might help in identifying a possible suspect, but this might just be a compromised email account."
It is interesting to note that this particular piece of malware is also capable of stealing login credentials for email accounts, social networks, poker sites, FTP servers, remote desktop software and more.
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.