Blackhole Attack Toolkit Still Quite Popular, Says Trend Micro
Security company Trend Micro recently detected a fresh spam run which indicates that a few malware purveyors may have abandoned the Blackhole attack toolkit in favor of other methods of spreading their malware, while many continue to use the same toolkit without adopting other techniques.
The spam campaign uses fake e-mails that claim to come from Microsoft Outlook and bear the header "You received a voice mail." They carry both a malicious web link and a malicious attachment.
The malicious attachment contains the Upatre Trojan in a variant named TROJ_UPATRE.SMB, an installer that downloads ZeuS/ZBot, malware created to steal the banking credentials of users of infected PCs.
According to Trend Micro, its researchers had previously found the Cutwail botnet sending spam mails with attachments that contained Upatre, and the same is seen in the current spam run.
Jonathan Leopando, Technical Communications Specialist at Trend Micro, posted online that the current malware attack did not clearly indicate its nature or purpose. Possibly, attackers were replacing Blackhole with another attack toolkit and using it as a long-term approach; however, that could not be said for sure, he added. Blog.trendmicro.com published this on November 13, 2013.
Nevertheless, to stay safe from these kinds of malware campaigns, Trend Micro suggests that computer users run up-to-date anti-virus solutions on their systems and stay fully protected from attack toolkits and malware such as Blackhole. They should also keep their operating system and any other software in use up to date. Additionally, they should avoid downloading material sent by unfamiliar senders and avoid clicking on e-mails they were not expecting, and they should treat unsolicited e-mails with suspicion regardless of whether known sources appear to have sent them, as with Microsoft Outlook in the current instance, the security company concludes.
» SPAMfighter News - 25-11-2013