Dark Reading reports that attackers are increasingly using the Blackhole exploit kit in phishing campaigns. The latest phishing scam poses as an email notification from an HP (HPQ) OfficeJet Printer has sent around 36,000 per minute resulting in nearly 8 million emails thus far and uses 2,000 domains to serve up the malware.
Researchers at AppRiver told Dark Reading the trend demonstrates how Blackhole is following the pattern of popular crimeware kit Zeus and SpyEye. Blackhole traditionally has been used to infect legitimate websites for drive-by infection purposes. “This attack is unique because Blackhole added an email vector to its format and is flooding the Internet with similar methods used by Zeus, SpyEye, and others, essentially moving it into prime time,” says Fred Touchette, senior security analyst for AppRiver.
Blackhole, which previously had been marketed as a high-end crimeware tool, costing $1,500 for a one-year license, in May was unleashed for free in some underground forums. That has propelled more use of the toolkit according to the AppRiver blog.
Mr. Touchette said that attackers using Blackhole have changed tactics,”This is the first that I have personally noticed that leads email recipients to Blackhole websites. Before that, people using the Blackhole Kit relied on techniques such as SEO poisoning to lead victims to their sites,” he says.
The OfficeJet email campaign, like other Blackhole attacks, is trolling for victims’ online banking credentials according to Dark Reading. It works a lot like Zeus and others, using browser vulnerabilities on victims’ machines and creating a backdoor for downloading and installing the Trojans. AppRiver’s Touchette says Blackhole appears to favor Sun Oracle (ORCL) Java (I wrote about Java holes here) and Adobe (ADBE) bugs (I wrote about Adobe bugs here).
“This most recent campaign is still trickling in, but will soon stall as most of its domains have been picked up and blacklisted by security professionals … we were seeing malicious emails related to this campaign coming in at a rate of around 36,000 per minute,” Mr. Touchette says.
Recent botnet takedowns have spurred an increase in malware attacks recently as botnet operators try to rebuild, AppRiver’s Touchette told Dark Reading.
rb-
Yeap- We are still seeing these trickling in and still have users reporting they cant access their OfficeJet .
Related articles
- Mac OS X Trojan Horse BlackHole RAT 2.0 Discovered & Detected (prweb.com)
- Positive Trend in Malware: Rootkit Developers Killing Each Other’s Code (pcworld.com)
- New Facebook worm spreading (zdnet.com)
1. Only buy apps from recognized app stores. Apps from unofficial third-party stores and applications downloaded from peer-to-peer sites are much more likely to contain malware than apps sanctioned by official vendor stores such as the 
3. Monitor bills for irregular charges. If attackers gain access to personal information stored on the mobile device, they can quickly rack up charges by sending “silent” text messages to high-priced call services. For example, if the 
5. Be mindful that more and more employees bring their personal devices to work. Companies must have security systems and policies in place to safeguard their business environment and prevent access to company networks from employees’ personal devices. I wrote about 
A team of security researchers have engineered a way of hiding malware in sentences that read like English language spam. The research led by 
Loading ...
There are many late nights when I sit in the 
2011 marks the 40th anniversary of the 
