DigiNotar Revoked Following Malware Campaign
During a recent blacklisting campaign, Barracuda Networks' security experts reported new malware-ridden spam relating to DigiNotar, a Dutch certificate authority that has been exploited by cybercriminals.
According to Barracuda Networks, the spam targets customers of Royal Bank of Canada (RBC). The subject line itself states that the customer's digital certificate has expired, and the 'From' field is spoofed.
The body of the e-mail says that the notification was sent following the expiration of the RBC Online Banking SSL certificate. It claims that the digital certificate must be updated to continue online banking, and that the e-mail is a reminder to do so.
The e-mail also provides links, offered as an easy way to download the RBC digital certificate.
To create a sense of urgency, the spammers have included two links, the second of which directs the browser to a server hosting the Blackhole exploit kit.
The visit results in a series of attacks leading to the download of the dangerous Trojan.Buzus. According to the security researchers, this malicious payload can steal all personal credentials and open a backdoor that allows remote control of the infected computer.
According to Barracuda, this malicious spam, which became quite popular at the beginning of 2011, is markedly more dangerous because the Blackhole exploit kit leads users to malicious sites.
However, according to Carl Leonard, Security Research Manager at Websense Security Labs, it was a low-key campaign containing fewer than 100 messages, as published in scmagazine.com.au on September 19, 2011.
Moreover, the .scr file delivered the exploits, but at the least it was an eye-opener about users' preference for hot topics.
Leonard further stated that the recent attack can only be tagged as a phishing e-mail, but its implications are much more troubling because it delivered an exploit kit rather than a standard phish.
In conclusion, security experts recommend that users treat spam messages with the utmost care to avoid being victimized.
» SPAMfighter News - 27-09-2011