We’ve been tracking and informing customers about current Black Hole Exploit Kit Spam Run activity and have noted that spammers are changing their methods to better achieve their goals. The most recent development is a more aggressive turn in the tactics used in these spam runs, which makes it easier for infection to occur. With the latest technique used by spammers, users only need to open the email; the connection to the URL where the malware is downloaded is automated.
New Techniques to Increase Probability of Infection
These emails differ from previous spam in that users are no longer required to click a URL before proceeding to a malicious website. This campaign has discarded its reliance on users falling for social engineering schemes in favor of an automated connection to malicious websites for infection. Once the email is opened, a connection is made to a compromised website that redirects to another compromised website, and finally to the malicious website.
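One way a mail gateway or analyst could check a message for this no-click behaviour, as an added example that is not from the original post: the Python code below parses a raw message and lists every remote URL that an HTML renderer would contact on open. The set of tags it checks is an assumption, since the post does not name the construct the spam used, and the sample message and its hostnames are constructed.

```python
# Added example: list remote URLs an HTML mail would contact on open, no click.
import email
from email import policy
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumed set of tags whose URL attribute is fetched when the HTML is rendered.
AUTOLOAD_ATTRS = {
    "script": "src", "iframe": "src", "frame": "src", "embed": "src",
    "object": "data", "img": "src", "link": "href",
}

class AutoLoadFinder(HTMLParser):
    def __init__(self):
        super().__init__()
        self.findings = []  # (tag, url) pairs

    def _record(self, tag, url):
        # Only absolute http(s) targets count as an outbound connection.
        if url and urlparse(url.strip()).scheme in ("http", "https"):
            self.findings.append((tag, url.strip()))

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag in AUTOLOAD_ATTRS:
            self._record(tag, a.get(AUTOLOAD_ATTRS[tag]))
        elif tag == "meta" and a.get("http-equiv", "").lower() == "refresh":
            # content looks like "0; url=http://host/path"
            _, _, target = a.get("content", "").partition("=")
            self._record("meta-refresh", target.strip("'\" "))

def scan_message(raw_bytes):
    """Return (tag, url) pairs for every auto-loading remote reference."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    finder = AutoLoadFinder()
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            finder.feed(part.get_content())
    return finder.findings

# Constructed sample message (not taken from the campaign).
SAMPLE = (
    b"From: a@example.com\r\nTo: b@example.com\r\nSubject: test\r\n"
    b"MIME-Version: 1.0\r\nContent-Type: text/html; charset=utf-8\r\n\r\n"
    b"<html><head><meta http-equiv='refresh' content='0; url=http://compromised.example/r'>"
    b"</head><body><a href='http://safe.example/'>link</a>"
    b"<iframe src='http://compromised.example/x' width=1 height=1></iframe></body></html>\r\n"
)

if __name__ == "__main__":
    print(scan_message(SAMPLE))
```

Ordinary clickable links are ignored on purpose; remote images are common in legitimate mail, so `img` hits are best treated as low-weight signals next to `iframe`, `script` or meta-refresh hits.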
Sample of Latest Turn – No Click, Automated Connection to Malicious Site
The following is a sample of this new type of Black Hole Exploit Kit spam:
We are continuously monitoring these spam runs and ensuring effective solutions for them. As we’ve pointed out in our previous post, there is a better way of handling the Black Hole Exploit Kit than focusing on the infection point. In an upcoming blog post, we will discuss the effectiveness of our solution to this threat in more detail. Trend Micro™ Smart Protection Network™ blocks Black Hole Exploit Kit spam, detects and removes malware associated with Black Hole Exploit Kit infections, and blocks access to malicious URLs and website redirections.