Certificate phishing sucks bank customers into Blackhole

Powered by SC Magazine
 

Bank business customers warned of invalid certificates.

Spammers are telling bank business customers that their SSL certificates had expired in efforts to exploit the blacklisting of certificate authority DigiNotar.

DigitNotar was blacklisted by major browsers after it was hacked and issued fraudulent certificates.

Barracuda Networks security researchers Dave Michmerhuizen and Luis Chapetti said the spam carried a dangerous message.

"The spammers try to create a sense of urgency with the hope that you will click one of the links to see what happens; which in this case is a particularly bad idea because the second link in the message directs the browser to a server hosting an exploit kit," they said.

“Once the browser visits that site a series of attacks begin which can result in the download of Trojan.Buzus."

That malware payload stole login credentials and created a backdoor that allowed remote control of compromised machines.

Barracuda said that it is seeing more overtly malicious spam directing users to malicious sites since the Blackhole exploit kit became widely available earlier this year.

Websense Security Labs security research manager Carl Leonard said it was a low volume campaign of less than 100 messages.

“It took the user to a .scr file that delivered the exploits. But this shows that scammers are tuned into the hot topics."

“This is not a targeted attack in an advanced persistent threat style, but it looks like a phishing email but this is much more sinister as it delivers an exploit kit and not a standard phish."

He also said the Blackhole exploit kit was one of the most popular kits in the wild.

Blackhole was based on PHP and a MySQL backend and targeted Windows operating systems and applications.

It also allowed a malicious payload file's name to be changed to make it undetectable by anti-virus, while exploits were encrypted with custom algorithms.

This article originally appeared at scmagazineuk.com

Copyright © SC Magazine, US edition


Certificate phishing sucks bank customers into Blackhole
 
 
 
Top Stories
Innovating in the sleepy super industry
There’s little incentive to be on the bleeding edge, so why is Andrew Todd fighting so hard?
 
How technology will unify Toll
The systems headache formed through 15 years of acquisitions.
 
Immigration breached Privacy Act with data leak
Pilgrim slams "copy and paste" of asylum seeker data.
 
 
Sign up to receive iTnews email bulletins
   FOLLOW US...
Latest Comments
Polls
Who do you trust most to protect your private data?







   |   View results
Your bank
  38%
 
Your insurance company
  3%
 
A technology company (Google, Facebook et al)
  7%
 
Your telco, ISP or utility
  8%
 
A retailer (Coles, Woolworths et al)
  2%
 
A Federal Government agency (ATO, Centrelink etc)
  20%
 
An Australian law enforcement agency (AFP, ASIO et al)
  15%
 
A State Government agency (Health dept, etc)
  5%
TOTAL VOTES: 842

Vote