Blackhole Exploit Kit Takes Advantage of Cypriot Financial Crisis

      No Comments on Blackhole Exploit Kit Takes Advantage of Cypriot Financial Crisis

In recent days, the European Union (EU) financial crisis has taken a dramatic turn. Cyprus, one of the EU’s smallest member states by population, announced plans to impose a one-off levy of up to 10 percent on ordinary bank deposits. Banks across the island state have been closed while the unprecedented measures are debated in the country’s parliament. Meanwhile, anxious bank account holders—ordinary people, not bond holders or investors in Cypriot banks—await news of what will happen to their savings.

The notorious Blackhole Exploit Kit, previously featured in several posts on this blog, has started exploiting the public concern about this situation by sending out emails claiming to be news stories related to the unfolding situation.

Figure 1. Blackhole Exploit Kit malicious email

The message claims to be from the British Broadcasting Corporation (BBC) news site’s article recommendation service. The sending address has been spoofed, as have certain BBC recommendation message headers.

These messages link to a landing page with the title “Cyprus Crysys [sic] – BBC” that pretends to actually be from the British Broadcasting Corporation. This page also states: “You will be redirected to news”.

Figure 2. Blackhole Exploit Kit’s fake BBC news landing page

The page actually redirects to a familiar Blackhole Exploit Kit page which attempts several exploits, targeting vulnerabilities in Adobe Flash Player, Adobe Acrobat Reader, and Java. After several seconds, a timer function is run which then redirects the user to the real BBC website.

Figure 3. Blackhole Exploit Kit’s obfuscated JavaScript targets vulnerabilities

As mentioned, Cyprus is one of the smallest member state in the EU, but the impact of events there have broader implications. Many people in Greece moved money to Cyprus during Greek’s recent financial and political instability, believing their money would be safer there. Cyprus is also a popular offshore center for Russian business.

The parliament in Cyprus has since rejected the proposed tax, and a prominent North American bank is now being used as social-engineering content for new Blackhole Exploit Kit emails—demonstrating how quickly malware authors can respond to current affairs.

Symantec.cloud has identified more than 50 compromised websites redirecting to this latest Blackhole Exploit Kit social-engineering attack.

Protect Yourself from Tax Time Scams

      No Comments on Protect Yourself from Tax Time Scams

Tax season is now upon us, and more than ever, we are opting for the convenience of filing taxes online (81% of us did in 2012). While filing online may be faster and more convenient, there is also some risk that you need to be aware of. During 2012, the IRS discovered  $20 billion of Read more…

Citadel Malware Continues to Deliver Reveton Ransomware in Attempts to Extort Money

      No Comments on Citadel Malware Continues to Deliver Reveton Ransomware in Attempts to Extort Money

A new extortion technique is being deployed by cyber criminals using the Citadel malware platform to deliver Reveton ransomware. The latest version of the ransomware uses the name of the Internet Crime Complaint Center to frighten victims into sending money to the perpetrators. In addition to instilling a fear of… Read more »

Banker Omnia Vincit – A tale of signed Brazilian bankers

      No Comments on Banker Omnia Vincit – A tale of signed Brazilian bankers

Let us present the long-term analysis of malware which was designed to steal credentials from more than 25 largest banking and payment systems in Brazil. The unique features of this banking malware include the usage of valid digital certificates, 3 years of evolution and stealing credentials from e-commerce admin pages. This feature opens doors for […]

Android Banking Trojans Target Italy and Thailand

      No Comments on Android Banking Trojans Target Italy and Thailand

A very profitable line for mobile malware developers is Android banking Trojans, which infect phones and steal passwords and other data when victims log onto their online bank accounts. One recent trend is Android malware that attacks users in specific countries, such as South Korea and India. We have already seen this type of malware Read more…

The New Black: Facebook Black Scam Spreads on Facebook

      No Comments on The New Black: Facebook Black Scam Spreads on Facebook

Yesterday, Facebook users may have noticed an influx of their friends posting about something called Facebook Black.
 

Figure 1. Facebook photo plugging “Faecbook” Black (notice the typo in this image)
 
Similar to previous sca…

McAfee Online Safety for Kids recognized as a 2013 Computerworld Honors Laureate

      No Comments on McAfee Online Safety for Kids recognized as a 2013 Computerworld Honors Laureate

I am STOKED that IDG’s Computerworld Honors Program today recognized the McAfee Cares – Online Safety for Kids program as a 2013 Laureate. The annual award program honors visionary applications of information technology promoting positive social, economic and educational change. The Computerworld Honors Program awards will be presented at the Gala Evening and Awards Ceremony on Read more…

McAfee Marks May 16th as its Global Community Service Day

      No Comments on McAfee Marks May 16th as its Global Community Service Day

I’m excited to say that May 16th will mark McAfee’s 2nd annual Global Community Service Day.  This year, I plan to participate in a cause that I’ve been passionate about for years—teaching children about how to stay safe online.  As a mother of two children, and McAfee’s Chief Privacy Officer, I understand the importance of Read more…

Pope Themed Spam Attacks Lead to Malware

      No Comments on Pope Themed Spam Attacks Lead to Malware

Contributor: Saurabh Farkade
The Vatican City has been in the news a lot in the past few weeks due to Benedict XVI’s resignation and the election of Pope Francis. Spammers have picked up on this opportunity for spreading malware.
Symantec Securit…