Bogus Apple invoice leads to Blackhole, banking malware
Posted on 23.11.2012
If you receive an invoice seemingly coming from Apple that apparently shows that your credit card has been billed for $699,99 (or a similar preposterously huge amount of money) because you bought postcard, don't click on any of the embedded links no matter how curious or alarmed you are.

The bogus invoice looks good enough to fool many (click on the screenshot to enlarge it):



"The link 'View/Download' ends in download.jpg.exe, while the 'Cancel' and 'Not your order' URLs end in check.php," shares Graham Cluley. "The smart social engineering bit is that, whether you are simply curious what this is about or furious about this unauthorized charge, you are still likely to click one of the links."

A click on the former link will automatically download the malware, while a click on the latter ones will take the victims to a bogus IRS page warning them that they are using an unsupported browser.

But this is simply a smokescreen designed to puzzle the user while the Blackhole exploit kit works furiously in the background, trying to exploit a host of Oracle Java, Adobe Flash Player and Adobe Reader vulnerabilities.

If it succeeds, the victims' computer is infected with a variant of the Zeus / Zbot banking Trojan. If not, they are offered a download of the latest version of their browser. The offered file is named update.exe and is also a Zeus Trojan variant.






Spotlight

Bash Shellshock bug: More attacks, more patches

Posted on 29 September 2014.  |  As vendors scramble to issue patches for the GNU Bash Shellshock bug and companies rush to implement them, attackers around the world are probing systems for the hole it opens.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Tue, Sep 30th
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //