
The Current State of the Blackhole Exploit Kit

  • Posted on: July 31, 2013 at 9:42 pm
  • Posted in: Bad Sites, Malware, Spam
  • Author: Jon Oliver (Senior Architect)

The Blackhole Exploit Kit (BHEK) is one of the most notorious exploit kits currently in circulation in the cybercriminal underground. Because of this, we continuously monitor for incidents and attacks involving the kit itself.

Last week we reported on the spam campaign leveraging the birth of Prince William’s and Kate Middleton’s son. Our analysis of that campaign revealed its connection to other ongoing campaigns that used other recent news events as lures, such as the controversy surrounding the upcoming movie Ender’s Game.

Some of the other connected campaigns also used Facebook and eBay as lures to get users to click malicious links.

The volume of spammed messages related to this run reached up to 0.8% of all spam messages collected during the time period, a relatively large share compared to other runs. We also identified the countries from which the bulk of the spam was being sent, and found that a large portion of it originated from the US.

Another notable aspect of this run is its payload, which includes the information stealer TSPY_FAREIT. TSPY_FAREIT variants are often used as payload in campaigns that leverage BHEK.

The exact variant in this particular run, detected as TSPY_FAREIT.AFM, not only steals FTP client account information from the system it affects, but also steals stored email credentials and stored login information from browsers, and additionally brute-forces the Windows login with a list of predetermined passwords. In short, it strips the affected computer of personal information that can be used to compromise the user’s financial accounts, the user's identity, and even the security of the system itself.
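The local password brute-forcing described above leaves a recognisable trace on the host: a burst of failed logon attempts against one account, sometimes followed by a success. The following is an added example (not code from the TrendLabs post or from Trend Micro) of the detection logic a defender would run over Windows Security events. The event IDs used are the standard ones (4625 for a failed logon, 4624 for a successful logon); the CSV record layout and the sample events themselves are constructed for the example, and the threshold and window are assumptions to be tuned per environment.

```python
"""Detect local password-guessing bursts in Windows Security events.

Added example, not part of the original post. The sample events below are
constructed; the comma-separated record layout is an assumption, while the
event IDs are the real Windows Security ones (4625 failed, 4624 succeeded).
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta

FAILED_LOGON = 4625
SUCCESS_LOGON = 4624

# Constructed sample records: timestamp,host,target_account,event_id,logon_type
# WS01/jdoe: six failures in ten seconds, then a success (the suspicious case).
# WS02/asmith: two failures then a success (a user mistyping a password).
# WS01/svc: one isolated failure.
SAMPLE_EVENTS = [
    "2013-07-29T10:00:01,WS01,jdoe,4625,2",
    "2013-07-29T10:00:03,WS01,jdoe,4625,2",
    "2013-07-29T10:00:05,WS01,jdoe,4625,2",
    "2013-07-29T10:00:07,WS01,jdoe,4625,2",
    "2013-07-29T10:00:09,WS01,jdoe,4625,2",
    "2013-07-29T10:00:11,WS01,jdoe,4625,2",
    "2013-07-29T10:00:20,WS01,jdoe,4624,2",
    "2013-07-29T10:05:00,WS02,asmith,4625,2",
    "2013-07-29T10:05:30,WS02,asmith,4625,2",
    "2013-07-29T10:05:45,WS02,asmith,4624,2",
    "2013-07-29T11:30:00,WS01,svc,4625,2",
]


def parse_event(line):
    """Split one constructed record into a dict with typed fields."""
    ts, host, account, event_id, logon_type = line.strip().split(",")
    return {
        "ts": datetime.fromisoformat(ts),
        "host": host,
        "account": account,
        "event_id": int(event_id),
        "logon_type": int(logon_type),
    }


def detect_bruteforce(lines, threshold=5, window=timedelta(minutes=2)):
    """Return one alert per (host, account) that sees `threshold` or more
    failed logons inside a sliding `window`. An alert is upgraded with
    followed_by_success=True when a 4624 for the same key arrives within
    `window` of the last counted failure, which is the case to triage first.
    """
    failures = defaultdict(deque)  # (host, account) -> failure timestamps
    alerts = {}
    events = sorted((parse_event(l) for l in lines), key=lambda e: e["ts"])
    for ev in events:
        key = (ev["host"], ev["account"])
        if ev["event_id"] == FAILED_LOGON:
            q = failures[key]
            q.append(ev["ts"])
            # Drop failures that have fallen out of the sliding window.
            while q and ev["ts"] - q[0] > window:
                q.popleft()
            if len(q) >= threshold:
                alert = alerts.setdefault(
                    key, {"failed": 0, "first": q[0], "last": ev["ts"],
                          "followed_by_success": False})
                alert["failed"] = max(alert["failed"], len(q))
                alert["last"] = ev["ts"]
        elif ev["event_id"] == SUCCESS_LOGON and key in alerts:
            if ev["ts"] - alerts[key]["last"] <= window:
                alerts[key]["followed_by_success"] = True
    return alerts


if __name__ == "__main__":
    for (host, account), a in detect_bruteforce(SAMPLE_EVENTS).items():
        print(f"{host}/{account}: {a['failed']} failures "
              f"{a['first'].time()}..{a['last'].time()}, "
              f"success after burst: {a['followed_by_success']}")
```

Run against the constructed sample, only WS01/jdoe is reported; the two mistyped passwords on WS02 stay below the threshold. In a real deployment the same logic would be fed from the Security log (for example via a SIEM query on event 4625) rather than from a list of strings.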

These recent developments regarding this particular exploit kit can certainly be disconcerting, but there is nothing particularly new about BHEK being used in new, unpredictable ways. What we can glean from this, however, is that even such an old approach is still effective at claiming victims, which means that more users need to be protected against this threat. And user protection is not all that hard – as we’ve reminded everyone in the past, guarding against this kind of threat is a simple matter of a) being vigilant against socially engineered attacks and b) having a security solution that blocks the threats themselves.

Infection can be avoided through extra vigilance on the part of users: do not click on links that arrive in suspicious mails such as these. Other precautions include always installing the latest Java security update (find out more on how you can use Java safely here) and using a web reputation security product.

Trend Micro users are protected from all the malicious elements involved in this overarching spam campaign. For more information regarding the Blackhole Exploit Kit, refer to our paper on the subject here.

With additional inputs from Matt Yang and Rhena Inocencio.

Tags: BHEK, blackhole exploit kit, eBay, Exploits, Facebook, Malware, royal baby, Spam, Twitter
