The Latest in IT Security

Spam Campaign Flooding Towards Blackhole Exploit Kit

14
Dec
2012

In the last few months, we have seen an increase in the volume of malicious spam. The majority of these new spam emails contain links to the Blackhole Exploit Kit.

Earlier this year Symantec reported on malicious spam during tax season that lead to the Blackhole Exploit Kit. Similar attacks targeting well-known businesses occurred throughout 2012, affecting major brands in various service industries such as payroll, fax, and social media.

The emails claim to be contacting the recipient in regards to account transactions, pending notifications, company complaint reports etc.

The main purpose of these spam campaigns is to lure recipients into clicking on links contained in the emails. These links then lead to malicious code being downloaded, which exploits common vulnerabilities.

Note: Read The Blackhole Theory for more information about how this type of attack works.

Figure 1 shows the volume of Blackhole spam over the past three months. The attacks increased noticeably around September 18 and even more so in mid October. During this time, the attacks targeting social networks and payroll companies were prominent. Throughout the monitoring phase, we observed 19 companies being targeted by the spammers. Social media and payroll are the most popular industries targeted by spammers, contributing 35 and 31 percent respectively.

Figure 1. Blackhole spam volume peaking in mid-October

Figure 2. Distribution of spam through targeted service industries            

The most frequently observed subject lines in these attacks were:

  • [REMOVED] Urgent Notification
  • [REMOVED] Funding Notification
  • [REMOVED] Complaint activity report
  • Corporate [REMOVED] message – [REMOVED] pages
  • New invitation
  • Verify your account
  • Your Order
  • List of all Employer contributions scheduled on [REMOVED]

Figure 3. Spam email example claiming to be a transaction report

Figure 4. Spam email example claiming to be from a social networking site

Using a company or brand’s popularity in a spam campaign is nothing new, and we have seen these industries being used in other campaigns like online pharmacy spam. The good news is that Symantec protects customers from all of these attacks with multilevel protection including Antispam, IPS, and AV.

Follow these tips to avoid spam attacks:

  • Patch your operating system and software regularly
  • Use message security and antivirus solutions from Symantec and use the latest signatures
  • Be suspicious of emails with urgent requests for personal information
  • Do not open any suspicious links or attachments received in unsolicited email

Contributor: Samir Patil

Leave a reply


Categories

MONDAY, DECEMBER 10, 2018
WHITE PAPERS

Mission-Critical Broadband – Why Governments Should Partner with Commercial Operators:
Many governments embrace mobile network operator (MNO) networks as ...

ARA at Scale: How to Choose a Solution That Grows With Your Needs:
Application release automation (ARA) tools enable best practices in...

The Multi-Model Database:
Part of the “new normal” where data and cloud applications are ...

Featured

Archives

Latest Comments

Social Networks