In light of the slew of persistent black hole spam runs, we have been tracking and investigating this threat that leads users to the black hole exploit. These attacks typically start with a spammed message containing a link to a compromised website that redirects a user’s browser to a malicious site hosting the said exploit. The payload of this threat is to install ZeuS variants onto user systems in order to steal sensitive information from users.
Trend Micro Solution for Black Hole Spam Runs
Focusing on the black hole exploit kits at the infection point when the malware begins to download may not be enough. We focus instead at the start of the attack. Because the email is where the threat starts, detection is needed at the beginning, for the phishing email is sent to lure users into clicking the URL that will ultimately lead to the site that downloads the malware.
We created a system that uses big data analysis and the power of Trend MicroT Smart Protection NetworkT, for a unique view of these attacks as they occur, so solutions can be quickly created. Once the details of the attacks are correlated and mapped out, solutions are released to the cloud to protect customers via Smart Protection NetworkT.
Insight into Black Hole Exploit Attacks as the Attacks Occur
The initial challenge for this threat came from the compromised websites. Owners of these compromised websites need to constantly clean up the sites that get compromised. However, the compromised websites that are still vulnerable may still be used in the next attack.
In the past weeks, black hole exploit-related activities employed social engineering lures using well-known companies like LinkedIn, US, Airways, Facebook, American Express, PayPal, and Careerbuilder. The messages we’re seeing are highly intelligent and well-crafted phishing messages that gain the trust of users. The format and wording of these email messages were made to look exactly the same as the legitimate messages from these companies. This is why these messages are difficult to detect using traditional methods.
Trend Micro continues to investigate these attacks to strengthen our solutions. We will be updating this story in the coming days to provide more insight into our protection strategy.
Leave a reply