Following news of the death of Venezuelan President Hugo Chavez (as reported by the BBC) the Websense ThreatSeeker® Network has identified several malicious email campaigns that make reference to the President's death. Malware authors are increasingly using breaking global news events as a means of propagating lures that lead to malware.
Here is a screenshot typical of the emails we have seen in these campaigns:
We have tracked the following email subjects used in the campaign. As you can see, many of these lures try to increase a user's likelihood to click by adapting the current headlines with some fictional salacious content.
- CIA murdered Venezuela's Hugo Chavez?
- CIA "DELETED" Venezuela's Hugo Chavez?
- CIA killed Venezuela's Hugo Chavez?
Upon opening the malicious email the recipient is presented with a link offering a video. Rather than displaying a video the website takes the user to page loaded with Better Business Bureau text references.
Websense ACE proactively protected from day-0 (without update) in 2 ways: 1) Proactive detection of Blackhole Exploit Kit, for which this was an instance; 2) Proactive blocking of poor web reputation – the websites used in the campaign were already low enough to convict from day-0. The payload websites that we have been tracking were registered little more than one week before the spam campaign was first seen.
Websense customers are protected by ACE, our Advanced Classification Engine.
Lures and exploit kits are just one of many stages typical in an attack. Having protection from the early stages within the "7 Stages of an Attack" model reduces the risk of the success of an attack. If you break one link in the attack chain, you have mitigated your risk for this particular attack.
We've recently done a webinar on the "7 Stages of an Attack". Check out the archived discussion to learn how to disrupt the attack chain to prevent the download of malicious payloads and inhibit the successful execution of exploit scripts against vulnerability software.
Leave a reply