Xerox Scanned Documents Conceal Blackhole
The malicious technique in which online criminals send e-mails posing as messages from an office scanner has resurfaced, targeting company employees' e-mail accounts, Softpedia reported on January 19, 2012.
Bearing the enticing subject line "Re: Scan from a Xerox W. Pro #XXXXXXX," the scam e-mail, which previously arrived with a zipped file attached, now urges recipients to follow a download link, warns Websense, a well-known security company.
According to Websense's researchers, the e-mail's payload contains an iFrame, so the link redirects the user to a malicious website that hosts the Blackhole exploit kit. As soon as the iFrame loads, the exploit kit's content, which includes heavily obfuscated code, loads as well. Once that code is deobfuscated, it looks for vulnerable software, which it promptly exploits. This allows shellcode to run, which starts the download and execution of malware.
Websense has so far found over 3,000 e-mails in the scam; however, because the latest Blackhole variant is a highly sophisticated toolkit that lets cybercriminals tweak their software, the number of e-mails could be even greater.
Normally, the Blackhole exploit kit is rented out, and the new variant comes with many improvements, such as administration options for smartphones and the ability to use illegitimate video/audio scanners to spread malware.
Blackhole is currently widespread and commonly used by attackers. The kit is offered to its users as a software-as-a-service (SaaS) solution: they only need to rent the toolkit, while its creators themselves handle domain name registration and website configuration and setup.
Security specialists suggest that IT departments need to educate other employees in their organizations so that they know how to deal with these and similar threats.
They add that Internet users who receive e-mails of this kind, particularly ones that appear to be company e-mails, should ignore them but not forget to report them to their company's information technology department so that it can take suitable steps to defuse the attack.
» SPAMfighter News - 25-01-2012