The BlackHole Exploit Kit is used to spread the malicious Cridex worm

Mar 22, 2012 12:47 GMT  ·  By

Emails that purport to originate from the Better Business Bureau (BBB) or LinkedIn urge users to click on links that point to compromised WordPress sites which serve the infamous BlackHole Exploit Kit.

Trend Micro experts revealed that the BBB emails notify the recipient that a complaint has been filed against them regarding “their dealership.” The LinkedIn emails are classic notifications that inform the user of an invitation from a classmate.

Once the links from these shady emails are clicked, the unsuspecting victim is redirected to a series of compromised WordPress sites that host the BlackHole Exploit Kit, which probes for vulnerable components.

After the exploit kit finds the necessary security holes, the Cridex worm is downloaded and installed on the affected system.

By generating several random domains from which the configuration files are downloaded, Cridex’s masters can ensure that their botnet’s fate won’t be the same as Kelihos’, the botnet shut down last year by Microsoft and Kaspersky.

Depending on its configuration file, Cridex is capable of executing files, deleting files and folders, and even retrieving digital certificates.

Many of the websites that were compromised by the cybercrooks don’t have a large number of visitors, which prevents them from efficiently spreading their worm.

This is why they turn to the classic and most effective way of spreading malware: spam.

To avoid falling into these cleverly set traps, Internet users are advised to be on the lookout for suspicious emails that may land in their inboxes.

Because many of these phony messages almost perfectly replicate legitimate ones, it can sometimes be tricky to uncover their true purpose. However, the sender’s email address and the name of the site to which the link points can be telltale signs of a scam.
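The two checks the article recommends, the sender address and the real destination of each link, can be automated for mail triage. The following is an added example and is not code from the article or from Trend Micro: it parses a message with the Python standard library, works out which brand the headers claim (the BBB or LinkedIn lures described above), and reports a sender domain or a link target that is not under that brand, as well as a link whose visible text shows one domain while its href points to another. The brand-to-domain mapping, the "last two labels" approximation of a registrable domain, and both sample messages are assumptions constructed for this example.

```python
# Added example (not from the article or Trend Micro): triage an email the
# way the article recommends, by checking the sender address and the real
# destination of each link against the brand the message claims to be from.
# Both sample messages below are constructed for this example.
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Brands impersonated in the campaign, mapped to the domain a genuine
# notification would come from (assumed for this example).
BRAND_DOMAINS = {"better business bureau": "bbb.org", "bbb": "bbb.org",
                 "linkedin": "linkedin.com"}


class _LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> in an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def registrable(host):
    """Approximate the registrable domain as the last two labels.
    Production code should use the Public Suffix List instead."""
    parts = host.lower().rstrip(".").split(".")
    return ".".join(parts[-2:]) if len(parts) >= 2 else host.lower()


def url_domain(text):
    """Registrable domain of a URL, or '' if the text is not a URL."""
    if "://" not in text and not text.startswith("www."):
        return ""
    host = urlsplit(text if "://" in text else "http://" + text).hostname
    return registrable(host) if host else ""


def analyze(raw_message):
    """Return a list of findings; an empty list means nothing looked off."""
    msg = message_from_string(raw_message)
    display, addr = parseaddr(msg.get("From", ""))
    header_text = (display + " " + msg.get("Subject", "")).lower()
    claimed = {d for name, d in BRAND_DOMAINS.items() if name in header_text}
    sender_domain = registrable(addr.rpartition("@")[2]) if "@" in addr else ""

    findings = []
    for brand in sorted(claimed):
        if sender_domain != brand:
            findings.append(f"sender {addr} is not under claimed brand {brand}")

    payload = msg.get_payload(decode=True) or b""
    collector = _LinkCollector()
    collector.feed(payload.decode(msg.get_content_charset() or "utf-8", "replace"))
    for href, text in collector.links:
        target = url_domain(href)
        shown = url_domain(text)
        if shown and target and shown != target:
            findings.append(f"link shows {shown} but points to {target}")
        if claimed and target and target not in claimed:
            findings.append(f"link target {target} is not under any claimed brand")
    return findings


# Constructed lure: claims LinkedIn, but sender and link target are elsewhere.
SUSPICIOUS_MAIL = """\
From: "LinkedIn Invitations" <invitations@linkedin-mailer-example.net>
Subject: Invitation from a classmate
Content-Type: text/html; charset=utf-8

<html><body><p>A classmate wants to connect with you.</p>
<a href="http://blog.example-wp-site.org/wp-content/uploads/index.php">https://www.linkedin.com/e/v2?invite=1</a>
</body></html>
"""

# Constructed control message that is consistent with its claimed brand.
BENIGN_MAIL = """\
From: "LinkedIn" <invitations@linkedin.com>
Subject: Invitation from a classmate
Content-Type: text/html; charset=utf-8

<html><body><a href="https://www.linkedin.com/e/v2?invite=1">View invitation</a></body></html>
"""

if __name__ == "__main__":
    for name, mail in (("suspicious", SUSPICIOUS_MAIL), ("benign", BENIGN_MAIL)):
        print(name, analyze(mail) or ["no findings"])
```

Run against the constructed lure, `analyze` reports three findings (sender not under linkedin.com, link text showing linkedin.com while the href goes to the compromised blog, and a link target outside the claimed brand); the control message yields none. The last-two-labels heuristic is deliberately crude: it misclassifies domains under suffixes such as co.uk, which is why the comment points at the Public Suffix List for anything beyond a demonstration.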
