Fake British Telecom Notice of Delivery Spreads Cridex Malware

The BlackHole exploit kit is used to push the malicious element

By Eduard Kovacs on January 25th, 2013 23:11 GMT

GFI Labs experts warn users about fake British Telecom (BT) emails designed to spread the Cridex malware with the aid of the BlackHole exploit kit.

The bogus notices of delivery, entitled “BT Business Direct Order,” read something like this:

“We’re pleased to confirm that we have now accepted and despatched you’re your order on Wed, 23 Jan 2013 02:43:49. Unless you chose a next day or other premium delivery service option, then in most cases your order will arrive within 1-3 days. If we despatched your order via Letterpost, it may take a little longer.”

At first glance, the emails look genuine. However, the attached HTML file is designed to redirect victims to a Russian website which hosts the BlackHole exploit kit.

The exploit kit probes the user’s system in search for security holes. The vulnerabilities are utilized to push the Cridex malware.
Fake BT email (click to see full)
   Fake BT email (click to see full)
MORE ON THIS TOPIC
LATEST NEWS
HOT RIGHT NOW

Comments