Blackhole outfitted with exploit for recently patched Java flaw
Posted on 04.03.2013
The exploit for the recently patched CVE-2013-0431 Java vulnerability has been added to the Blackhole exploit kit, Trend Micro researchers report.

The fact was discovered through the analysis of the latest PayPal-themed spam run that leads to a page hosting the exploit kit.

Users are presented with a "Receipt for your PayPal payment to…" email, and are urged to verify the details of the payment order by clicking on a link included in the message.

Through a series of redirections, they are taken first to a page booby-trapped with the Blackhole exploit kit, and then to a "Canadian Pharmacy" type of web page:


Whether Blackhole exploits an Adobe Reader, Flash Player, and Java vulnerability is immaterial - it all ends up with users getting infected with malware.

In this case, it's a Trojan that attempts to steal stored account information used in a number of FTP clients or file manager software; email credentials from email clients; user names, passwords, and hostnames stored in browsers; and tries to access password-protected locations by trying out a hardcoded list of username / password combinations.

It's also interesting to note that the final destination of the infection chain is a Canadian pharmacy site. The victims who come to the realization that they were duped are "reassured" that it was only spam that leads to such sites, and likely won't even search for malware infections on their computer.









Spotlight

Operation Pawn Storm: Varied targets and attack vectors, next-level spear-phishing tactics

Posted on 23 October 2014.  |  Targets of the spear phishing emails included staff at the Ministry of Defense in France, in the Vatican Embassy in Iraq, military officials from a number of countries, and more.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Fri, Oct 24th
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //