As the world remembers former British Prime Minister Margaret Thatcher, cyber attackers are participating too, but in their own wily ways.
Websense Security Labs and the Websense ThreatSeeker Network have detected that attackers are sending malicious email spam with a topic referencing the death of Thatcher.
Actually, it is not new for an attacker to use a hot topic (like the death of Hugo Chavez) to spread malware – malicious software used or programmed by attackers to disrupt computer operations and gather sensitive information, says an alert issued by the security company Websense
In this case, the lure is simple, with just a few words related to Thatcher, but it pretends to be from friends by using the “Re: Fwd:” notation. Internet-savvy customers will know that it looks suspicious and should not be tempted to click the link in the email.
Blackhole campaign
When recipients click the malicious link, they are taken to a redirection page first, and then redirected to a Blackhole Exploit Kit landing page. The landing page detects the browser and plug-in information in the client, and then serves the vulnerability file based on the plug-in information.
It is not the first time that a Blackhole malicious email campaign has been seen. It has evolved over time in combination with hot topics like the current crisis in Korea or major companies filing for bankruptcy.
Websense has warned people about some of the emails that contain subjects such as Fwd: Dollar Bank bankruptcy; Re: Shedding light on 'dark matter'; Re: Why Washington is corrupt and Re: Kissinger: Thatcher's strong beliefs.
In the case of Hugo Chavez, Websense tracked a few email subjects – ‘CIA murdered Venezuela's Hugo Chavez?’, ‘CIA “DELETED” Venezuela's Hugo Chavez?’ and ‘CIA killed Venezuela's Hugo Chavez’ – used in the campaign. Many of these lures tried to increase a user's likelihood to click by adapting the current headlines with some fictional salacious content.