The Latest in IT Security

Weekly Threat Update: Week 14

06
Apr
2012

1. eBay.co.uk listing redirecting bidders to exploit kit

AVG analysts have discovered an ebay.co.uk auction listing that is redirecting bidders to a Blackhole exploit kit.

After visiting the listing, users are redirected to an ebay.666222666.com site that is hosting the exploit kit. At this point they are served malicious .JAR (Java), .SWF (Adobe Flash file), and .PDF (Adobe Acrobat Reader) files used to download other malware and infect their PC.

Obfuscated script on page

AVG users are protected from this threat.

2. Phishing spam renders good impersonations of Verizon, AmEx and US Airways correspondence then lead to Blackhole sites

The threat research team this week also came across three phishing email messages that impersonate legitimate businesses and lure users to websites hosting the Blackhole exploit kits.

It is a good practice, to go to the web site of the business you are dealing with rather than clicking on links in emails you receive, no matter how legitimate they look. Any email that asks for “confirmation” of passwords or other account information should really ring the “caution” bell.

3. Blackhole-delivered rogues change names

Rogue security products, which have been with us for more than five years now, continue to use their standard operating procedure – cloning with minimal changes. The clones keep the basic malcode, but present potential victims with new names on the graphic interfaces. The most recent clones we’ve seen recently are: “Windows Shielding Utility” and “Windows Warding System.”

The name changes are intended to confuse potential victims as well as evade detection by anti-virus products.

– AVG Threat Research Group

Leave a reply


Categories

FRIDAY, MARCH 29, 2024
WHITE PAPERS

Mission-Critical Broadband – Why Governments Should Partner with Commercial Operators:
Many governments embrace mobile network operator (MNO) networks as ...

ARA at Scale: How to Choose a Solution That Grows With Your Needs:
Application release automation (ARA) tools enable best practices in...

The Multi-Model Database:
Part of the “new normal” where data and cloud applications are ...

Featured

Archives

Latest Comments