
Popular French Confectionery’s Online Site Compromised

According to researchers at security company Trend Micro, cyber-criminals have been attacking the many consumers ordering French pastries and cakes ever since the website of Laduree, the renowned confectionery retailer, recently came under the control of online crooks.

The crooks reportedly modified the website, laduree.fr, to divert visitors to a different site hosting the Blackhole attack toolkit. As the toolkit exploited security flaws on visitors' PCs, a ransomware infection hit the systems, quickly locking them and displaying a false notice supposedly from the French police.

The notice explained that the PC had been blocked because porn pictures and spam were being sent from the user's machine as a result of illegal downloads performed on it. However, the computer could be unlocked if the user sent 200 EUR through Paysafecard or Ukash, the message added.

Meanwhile, the ransomware is no different from earlier variants that masqueraded as other law-enforcement agencies, the security researchers state. In fact, the researchers are convinced that a single cyber-criminal gang is carrying out all these destructive assaults.

Robert McArdle, Senior Threat Researcher at Trend Micro, explained that his organization's researchers noticed that the domain name registered for the site had been suspended because the site hosted the attack toolkit. That was according to logs created on February 9, 2012 and last updated on February 14. The domain's registration details showed a '.ru' e-mail address that could help identify one probable suspect; however, it could simply be a hijacked e-mail account, so whatever details were gathered might not be trustworthy, McArdle contended. Blog.trendmicro.com published this on February 22, 2012.

As an example, McArdle added that WHOIS, the protocol used to query databases, returned information placing the domain operator inside Moscow, while the related e-mail account claimed that the operator was located 4 hours away from Moscow.

Finally, the latest assault follows immediately after the one against Cryptome.org during the 2nd week of February 2012. In that attack too, cyber-criminals had hijacked and infected the website, which publishes leaked files and intelligence documents, using 'Blackhole.'


» SPAMfighter News - 3/1/2012
