Blackhole Attack Toolkit Imitating Zeus Features: AppRiver
According to security researchers at AppRiver, the Blackhole attack toolkit is increasingly imitating certain attack tactics that the Zeus Trojan used earlier, Eweek.com reported on October 17, 2011.
Blackhole, which was traditionally used to compromise legitimate websites in order to carry out drive-by download attacks, now also sends bulk e-mail and uses other attack techniques that the SpyEye and Zeus crimeware toolkits used, says Fred Touchette, Senior Security Analyst at AppRiver, as published by Eweek.com.
Previously, those employing Blackhole relied on methods such as search engine optimization (SEO) poisoning to lead victims to malicious websites that the perpetrators had crafted; now they are starting to use bulk e-mail, Touchette continues. He further says that Zeus has normally been responsible for bulk e-mails claiming to be from the Internal Revenue Service, or posing as package delivery notices.
AppRiver investigators first spotted the change earlier in October 2011, when Apple founder Steve Jobs died: spam was sent widely to Internet users, displaying captions like "Steve Jobs Alive!" and carrying a web link that led recipients to a Blackhole-enabled site, Touchette says.
Another instance Touchette highlights to show the change in Blackhole-based attacks is the "OfficeJet spam outbreak." Like previous Blackhole attacks, this outbreak seeks to capture victims' Internet banking credentials. The scam works much like Zeus and other trojans: it abuses security flaws in victims' browsers while opening a backdoor that facilitates downloading and installing trojans on the PC, the specialist states, as Informationweek.com reported on October 14, 2011.
Touchette adds that the Blackhole kit seems to prefer Adobe and Java vulnerabilities.
According to him, the latest scam continues to spread slowly but is expected to stop soon, since security professionals have culled the majority of its URLs and blacklisted them. At its zenith, on October 13, 2011, spam associated with the scam was observed flowing at a rate of 36,000 messages per minute. Web links embedded in those messages led to about 2,000 different URLs that were hosting malware, Fred Touchette concludes.
» SPAMfighter News - 25-10-2011