Cyber crooks profit from the holiday in their phishing and spam campaigns

Jul 5, 2014 15:45 GMT

Researchers from a company that delivers data protection solutions observed that travel websites for destinations in U.S. cities have been serving a web exploit kit to unsuspecting visitors.

Since these are legitimate web addresses, visitors looking for travel offers can easily reach the sites in question through search engine results, but the cybercriminals also resorted to phishing to drive potential victims to the compromised online locations.

Once a visitor lands on the page, the exploit kit runs and takes advantage of a vulnerability in the targeted software to download malware.

The researchers from Proofpoint made the discovery, and they say that the infected websites offer travel to Boston, Salt Lake City, Houston, Monterey, Rochester, Myrtle Beach, Victoria, and Utah Valley.

Mike Horn, VP, Threat Response Products at Proofpoint, said that the attack started on July 3, “and some of the web pages are promoting 4th of July activities, this attack appears to have been carefully timed to coincide with the US holiday season.”

The attackers control the malware on the victim’s infected computer through command and control servers that Proofpoint confirmed to be based in Ukraine.

“We suspect that the websites have been compromised for some time, but the attackers were carefully planning their attack for maximum impact,” Horn said.

It is unclear which exploit kit is used for the campaign, but the company ran some tests and found that only four antivirus engines on VirusTotal were able to detect it. However, the detection rate should be higher with solutions that include additional layers of protection besides malware signatures.

Spammers have also changed their offers to match the holiday. They included fake promotions for both premium and budget travel. Their emails include pitches for chartered private jets, as well as lower-cost solutions.

Computer users are also spammed with messages for online and offline gambling and lured with 4th of July bonuses; all they have to do is register for an account that requires some personal information.

Another fake email spotted by Symantec analysts refers to health products. The famous Cialis and Viagra products are advertised at low prices. Accessing the links leads to fraudulent websites, some of them even wishing “Happy 4th of July!” to the potential victim.

Although this flurry of malicious 4th of July activity from cybercriminals was to be expected, many users still fall for the scams, as they become more difficult for the average Joe to detect.