Social networking websites have long been used by cybercriminals in malicious campaigns, most of which rely on phishing and spam. One such campaign is the Blackhole Exploit Kit (BHEK) spam campaign, which has been plaguing Internet users for quite a while. BHEK spam runs are known to impersonate popular brands and websites to lure users into clicking.

It is no surprise, then, that we are now seeing a BHEK spam campaign that targets the social networking website Pinterest and its users. Before this campaign, the site had already been used as bait in other threats, such as survey scams and spammed mails leading to malicious websites.

We received a sample of the spammed message and analyzed its infection chain, which runs as follows:

• The user receives the spammed mail in his inbox. It is crafted to resemble a legitimate notification from Pinterest about a successful password change, and it contains a link that supposedly lets the user view the new password.
• Clicking the link puts the user through a series of website redirects. The redirecting page is detected as HTML_IFRAME.USR.
• HTML_IFRAME.USR then downloads a second piece of malware, TROJ_PIDIEF.USR (a malicious PDF file), which in turn drops BKDR_KRIDEX.KA. This final payload is a backdoor: it executes commands sent by a remote attacker and therefore fully compromises the system.
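
The two stages of the chain that an analyst can check without detonating anything are the mail itself (does the "see your new password" link really go to Pinterest?) and the redirect page (is the visitor being bounced through a hidden iframe?). The script below is an added example written for this page, not code from the original post or from Trend Micro. The sample mail body, the landing page, the host pinterest.com.example-cdn.net and the address 198.51.100.23 are all constructed for illustration; the hidden-iframe heuristic (1x1 or zero-size frames, or frames styled invisible) is a generic check, not the logic behind the HTML_IFRAME.USR detection.

```python
"""Triage helpers for the password-change spam chain described above.

Two checks, both run on constructed sample data (not real campaign material):
  1. suspicious_links: anchors in the mail whose visible text names the brand
     while the href actually points at another host.
  2. hidden_iframes: iframes in the landing HTML that are tiny or styled
     invisible, the usual way a redirect page hands the visitor to an exploit kit.
Standard library only.
"""
from html.parser import HTMLParser
from urllib.parse import urlparse


class _AnchorCollector(HTMLParser):
    """Collect (href, visible text) for every <a> in the document."""

    def __init__(self):
        super().__init__()
        self.anchors = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.anchors.append((self._href, "".join(self._text).strip()))
            self._href = None


class _IframeCollector(HTMLParser):
    """Collect the attribute dict of every <iframe>."""

    def __init__(self):
        super().__init__()
        self.iframes = []

    def handle_starttag(self, tag, attrs):
        if tag == "iframe":
            self.iframes.append({k.lower(): (v or "") for k, v in attrs})


def host_of(url):
    return (urlparse(url).hostname or "").lower()


def is_brand_host(host, brand="pinterest.com"):
    # Exact domain or a real subdomain; "pinterest.com.evil.net" does NOT match.
    return host == brand or host.endswith("." + brand)


def suspicious_links(html, brand="pinterest.com"):
    """Return hrefs that claim the brand (in link text or a lookalike host)
    but whose host is not actually under the brand's domain."""
    parser = _AnchorCollector()
    parser.feed(html)
    flagged = []
    for href, text in parser.anchors:
        host = host_of(href)
        if is_brand_host(host, brand):
            continue
        text_claims_brand = brand in text.lower()
        lookalike_host = brand.split(".")[0] in host
        if text_claims_brand or lookalike_host:
            flagged.append(href)
    return flagged


def _dimension(value):
    # "1", "1px", "0" -> int; "" or unparsable -> None
    digits = "".join(ch for ch in value if ch.isdigit())
    return int(digits) if digits else None


def hidden_iframes(html):
    """Return src values of iframes that are 1x1/zero-size or styled invisible."""
    parser = _IframeCollector()
    parser.feed(html)
    flagged = []
    for attrs in parser.iframes:
        width = _dimension(attrs.get("width", ""))
        height = _dimension(attrs.get("height", ""))
        style = attrs.get("style", "").replace(" ", "").lower()
        tiny = (width is not None and width <= 1) or (height is not None and height <= 1)
        invisible = "visibility:hidden" in style or "display:none" in style
        if tiny or invisible:
            flagged.append(attrs.get("src", ""))
    return flagged


# Constructed sample: the spammed "password changed" notification.
SPAM_BODY = """<html><body>
<p>Your Pinterest password was changed successfully.</p>
<p><a href="http://pinterest.com.example-cdn.net/pw.php?u=1">See your new pinterest.com password</a></p>
<p><a href="https://www.pinterest.com/">Visit Pinterest</a></p>
</body></html>"""

# Constructed sample: the redirect page the link lands on.
LANDING_PAGE = """<html><body>
<p>Loading...</p>
<iframe src="http://198.51.100.23/in.php" width="1" height="1" style="visibility: hidden"></iframe>
<iframe src="https://www.example.org/embed" width="600" height="400"></iframe>
</body></html>"""

if __name__ == "__main__":
    print("mismatched brand links:", suspicious_links(SPAM_BODY))
    print("hidden iframes:", hidden_iframes(LANDING_PAGE))
```

Run on the samples, the first check flags the password link (its host is under example-cdn.net, not pinterest.com) and leaves the genuine www.pinterest.com link alone; the second flags only the 1x1 hidden frame. Both checks are deliberately conservative heuristics for triage, not a substitute for a full detection.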

There is nothing new in this routine, but it is a reminder that users should make account-related changes only on the website itself, never through a link in an email. Also worth noting is the use of CRIDEX as the final payload; we have previously written about CRIDEX as one of the two malware families typically delivered by BHEK attacks. Like ZBOT, CRIDEX is used mainly to steal online banking credentials.

To further protect themselves from this sort of threat, users should keep all software on their systems updated and patched, in particular Java, Adobe Acrobat, Adobe Reader, and Flash. BHEK works by exploiting vulnerabilities in popular software, so keeping those programs and the browser of choice up to date denies the exploit stage of the chain. Avoiding links in suspicious mails and verifying a message's claims by contacting the supposed sender through other means (a phone call, or visiting the site by typing its address directly) also goes a long way.

Trend Micro™ security solutions protect users from all the elements of this threat.

With additional analysis from Threat Response Engineer Alvin Bacani and Anti-Spam Research Engineer Mark Aquino.

© Copyright 2013 Trend Micro Inc. All rights reserved.