It was a sad day in the technology industry with the recent passing of Apple’s legendary leader, Steve Jobs. Unfortunately, cyber-criminals see this as an opportunity. Today, we started seeing a Steve Jobs spam campaign with subject lines suggesting that he is still alive:
- Steve Jobs Alive!
- Steve Jobs Not Dead!
- Steve Jobs: Not Dead Yet!
- Is Steve Jobs Really Dead?
Sample of the Steve Jobs spam campaign
The URL links in the spam are many and varied. The websites they point to all appear to have been hacked: obfuscated code has been added that, after two layers of redirects, ultimately lands the visitor on a BlackHole exploit kit landing page.
The HTML source code of the BlackHole exploit kit landing page
The intermediary redirect URLs are random-looking domains with a top-level domain of .ms (Montserrat, in case you didn’t know). Here are some examples:
- hxxp://xnyiinobfb[dot]ce[dot]ms/index.php
- hxxp://derhvbq[dot]ce[dot]ms/index.php
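For defenders who want to check proxy logs for this redirect stage, here is an added example (not part of the original post) that matches the two published hosts exactly and also flags other hosts of the same shape. The log layout, the `qzkwpltr` host, the client addresses and the function names are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit

# Indicators exactly as published in the post (kept defanged in source).
PUBLISHED = [
    "hxxp://xnyiinobfb[dot]ce[dot]ms/index.php",
    "hxxp://derhvbq[dot]ce[dot]ms/index.php",
]

# Constructed sample lines, assumed layout: time client method url status.
# URLs are kept defanged here; refang() is a no-op on ordinary live URLs.
SAMPLE_LOG = [
    "09:14:02 10.0.0.21 GET hxxp://derhvbq[dot]ce[dot]ms/index.php 302",
    "09:15:40 10.0.0.35 GET hxxp://qzkwpltr[dot]ce[dot]ms/index.php 302",
    "09:16:11 10.0.0.35 GET http://intranet.example.com/index.php 200",
    "09:17:03 10.0.0.44 GET hxxp://www[dot]ce[dot]ms/about.html 200",
]

def refang(ioc):
    """Turn a defanged indicator (hxxp, [dot]) into a parseable URL."""
    url = re.sub(r"^hxxp", "http", ioc.strip(), flags=re.I)
    return url.replace("[dot]", ".")

def classify(url, known_hosts, zone="ce.ms"):
    """Return 'known', 'pattern' or None for one requested URL."""
    parts = urlsplit(url)
    host = (parts.hostname or "").rstrip(".")
    if host in known_hosts:
        return "known"
    # Same shape as the published redirectors: a single all-letter label
    # directly under the zone, requesting /index.php.
    label, _, parent = host.partition(".")
    if parent == zone and label.isalpha() and parts.path == "/index.php":
        return "pattern"
    return None

def hunt(log_lines):
    """Return (client, host, verdict) for every log line that matches."""
    known = {urlsplit(refang(i)).hostname for i in PUBLISHED}
    hits = []
    for line in log_lines:
        fields = line.split()
        if len(fields) < 4:
            continue  # not in the assumed layout
        url = refang(fields[3])
        verdict = classify(url, known)
        if verdict:
            hits.append((fields[1], urlsplit(url).hostname, verdict))
    return hits
```

A `pattern` hit is only a lead for review, since the shape check is a heuristic built from the two examples in the post.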
The purpose of the exploit kit is to try and exploit vulnerabilities on the system and eventually download malicious executable files. At this stage, we are not sure what the ultimate payload is, as no files were actually downloaded on our test system.
Unfortunately, many people may find this spam campaign “click-worthy” given the icon that Steve Jobs was. The usual advice applies – avoid clicking links in unsolicited email. In this case, one simple click is all it takes to get compromised.