With the amount of media coverage surrounding this year’s papal conclave and inauguration, it’s hardly a surprise that cybercriminals have taken advantage of this event to victimize users. We recently spotted spam that use newly-elected Pope Francis as the subject.

These email messages use the new pope and controversies surrounding the Catholic Church to pique the recipients’ curiosity. To convince users of the legitimacy of the emails, these cite CNN as the alleged source. A screenshot of an email can be seen below:

Figure 1. Sample spam entry

It should be noted that while the topic is supposedly about Pope Francis, the email below calls the new pope Benedict, which is actually the name used by his predecessor.

Figure 2. Spam entry with wrong headline

The embedded links lead users to sites which have been compromised by Blackhole Exploit Kits (BHEK). Blackhole Exploit Kits have been used to deliver a wide variety of malware incuding:

• Infostealers
• Backdoors
• Remote Access Trojans (RATs)
• Rootkits

We detect and block all related spammed messages and all associated URLs.

As for the related malware, we found out that the final payload (detected as TROJ_PIDIEF.SMXY) exploits CVE-2009-0927, a dated vulnerability in Adobe Reader and Acrobat, to perform its routines. Thus, users must ensure that their systems are up-to-date with the latest software update.

Read the rest of this entry »

Recently, it was reported that Google was unilaterally removing all ad-blocking apps from the official Google Play store. Later on, the developers of the excised apps confirmed this, adding that according to Google their apps had been removed for violating the Developer Distribution Agreement that all Android developers must agree to.

In an ideal world, one could take Google’s move to be a positive one. The exact language says:

You agree that you will not engage in any activity with the Market, including the development or distribution of Products, that interferes with, disrupts, damages, or accesses in an unauthorized manner the devices, servers, networks, or other properties or services of any third party including, but not limited to, Android users, Google or any mobile network operator.

Emphasis is ours. The apps in question do break the agreement; Google is within its rights to remove the apps.

The trouble is we don’t live in an ideal world. The rather significant number of apps and websites with aggressive ads annoyed users and created this problem. Some of these may even behave maliciously and try to subscribe the user to premium services. Many users are already wary of how ad networks track them, and are tired of seeing ads wherever they go online. Simply put, users don’t always trust ad networks and act accordingly to protect themselves.

Read the rest of this entry »