
Blackhole Exploit Kit Transforms Phishing

  • Posted on: July 12, 2012 at 2:46 am
  • Posted in: Exploits, Spam, Vulnerabilities
  • Author: Sandra Cheng (Product Manager) and Jon Oliver (Senior Architecture Director)

Phishing has fundamentally changed, and its transformation was aided by the Blackhole Exploit Kit. We’ve been blogging about persistent phishing spam runs, including the association of these spam runs with Blackhole exploit kits, since earlier this year. We’ve also released a technical paper containing details of our research, which includes the unique insight we have into these events from big data analytics and Trend Micro™ Smart Protection Network™. The paper also includes details about how to effectively protect users.

We’ve been keeping tabs on these events and it is evident that things have changed in the world of phishing. Cybercriminals are no longer relying on users to submit their personal information and they have increased the success rate of their attacks with new methods. Now, the only thing cybercriminals rely on is for users to open an email and click a link.

Old Advice for Phishing

Given this scenario, traditional or “old” advice about phishing is out of date and may no longer be enough to protect users. Examples of this type of advice include:

  • “Be suspicious of any email with urgent requests for personal financial information.”
  • “The email states that you should update your information for one reason or another, and they usually provide a link that you can click to do so.”
  • “Avoid filling out forms in email messages that ask for personal financial information.”

What has changed?

With the advent of exploit kits, cybercriminals have bypassed the step wherein they rely on users to submit their personal information. In 2012, the major method of attack is to place malware on the user’s computer using exploits and vulnerabilities. Malware, such as ZeuS and Cridex, will silently monitor activity on the computer and look for activity such as logins to financial websites. All they need to make this happen is for a user to click a bad link in an email that looks legitimate.

The phishing messages of today have far less urgency and the message is implicit:

  • “Your statement is available online”
  • “You message is ready”
  • “Incoming payment received”
  • “Pending Messages: There are a total of 1 messages awaiting your response. Visit your inbox now”
  • “Password reset notification”

In many cases these messages are identical to the legitimate messages sent by the legitimate organization. Sometimes, the only difference between the legitimate version of the email and the phished version is the bad link. Read our paper, Blackhole Exploit Kit: A Spam Campaign, Not a Series of Individual Spam Runs, for more information about these threats and about how to help protect users.
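A defender-side check for the point above, as an added example that is not from the original post or the paper: when the wording matches the genuine notification, the link host is the only signal left, so each link is compared against the domains the organization really uses. The trusted domain, function names, and both sample messages are constructed assumptions.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: the domains the impersonated organization links to in its own mail.
TRUSTED_DOMAINS = {"examplebank.test"}


class LinkCollector(HTMLParser):
    """Collect the href of every <a> element in an HTML message body."""

    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs.append(dict(attrs).get("href") or "")


def host_is_trusted(host, trusted=TRUSTED_DOMAINS):
    """True for a trusted domain or a subdomain of one.

    The match is anchored on a dot boundary, so look-alikes such as
    'notexamplebank.test' or 'examplebank.test.evil.invalid' do not pass.
    """
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in trusted)


def suspicious_links(html_body, trusted=TRUSTED_DOMAINS):
    """Return (href, host) for each web link that leaves the trusted domains."""
    parser = LinkCollector()
    parser.feed(html_body)
    findings = []
    for href in parser.hrefs:
        parts = urlsplit(href)
        if parts.scheme in ("http", "https") and not host_is_trusted(parts.hostname, trusted):
            findings.append((href, parts.hostname))
    return findings


# Constructed samples: identical wording, only the link differs.
BODY = "<p>Your statement is available online.</p>"
LEGIT = BODY + '<a href="https://www.examplebank.test/statements">View statement</a>'
PHISH = BODY + '<a href="http://examplebank.test.statements.invalid/view">View statement</a>'

if __name__ == "__main__":
    print("legit:", suspicious_links(LEGIT))
    print("phish:", suspicious_links(PHISH))
```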
