Cyber attackers are sending malicious email spam with a topic referencing the death of Baroness Thatcher, according to an IT security firm. In this case, the lure email is very simple, with just a few words related to Mrs. Thatcher, but it pretends to be from your friends by using the “Re: Fwd:” notation.
When recipients click the malicious link, they are taken to a redirection page first, and then redirected to a Blackhole Exploit Kit landing page. The landing page detects the browser and plugin information in the client, and then serves the vulnerability file based on the plugin information. The final payload is a Cridex trojan, which is known in breaking CAPTCHA codes.
Carl Leonard, Senior Security Research Manager EMEA at the IT firm Websense said: “A trending news story is exactly what cybercriminals are looking for to lure unsuspecting victims to click on a link. This technique is definitely not new but is still a successful one for the bad guys. Curiosity often gets the better of people, so companies need to have the right security solutions in place to block the malicious email, detect the malware in real-time and most importantly stop any outbound communication back to the host. Without the right protection, they could risk being tomorrow’s trending news story.”
Visit the Websense Security Labs blog post