The BlackHole exploit kit is used to push the malware onto victims' machines

Jan 25, 2013 23:11 GMT

GFI Labs experts warn users about fake British Telecom (BT) emails designed to spread the Cridex malware with the aid of the BlackHole exploit kit.

The bogus delivery notices, entitled “BT Business Direct Order,” read something like this:

“We’re pleased to confirm that we have now accepted and despatched you’re your order on Wed, 23 Jan 2013 02:43:49. Unless you chose a next day or other premium delivery service option, then in most cases your order will arrive within 1-3 days. If we despatched your order via Letterpost, it may take a little longer.”

At first glance, the emails look genuine. However, the attached HTML file is designed to redirect victims to a Russian website that hosts the BlackHole exploit kit.

The exploit kit probes the visitor's system in search of security holes. Any vulnerabilities it finds are then exploited to install the Cridex malware.
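The chain described above starts with an HTML attachment whose only job is to send the browser elsewhere, which makes the attachment itself a cheap place to check. The following is an added example, not code from GFI Labs or from the original article: it scans an HTML attachment for the three usual redirect tricks (a meta refresh, a hidden or one-pixel iframe, and a JavaScript location change) and flags any destination that does not belong to the domain the lure claims to come from. The two sample attachments, the placeholder host `landing.example.invalid` and the assumption that a genuine BT notice would only point at `bt.com` are all constructed for illustration; the real landing site from the campaign is not reproduced.

```python
"""Triage an HTML e-mail attachment for redirect tricks that hand the reader
to an exploit-kit landing page. Added example, not GFI Labs' tooling."""
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample standing in for the "BT Business Direct Order" attachment.
# The destination host is a placeholder, not the real landing site.
SAMPLE_ATTACHMENT = """<html><head>
<meta http-equiv="refresh" content="0;url=http://landing.example.invalid/index.php?a=1">
</head><body>
<p>Loading your order details...</p>
<iframe src="http://landing.example.invalid/frame.php" width="1" height="1"
        style="visibility:hidden"></iframe>
<script>setTimeout(function(){window.location.href="http://landing.example.invalid/go.php";},500);</script>
</body></html>"""

# Constructed benign control: a redirect that stays on the claimed sender's domain.
BENIGN_ATTACHMENT = """<html><head>
<meta http-equiv="refresh" content="5; url=https://www.bt.com/orders">
</head><body><p>Redirecting you to your order...</p></body></html>"""

META_URL_RE = re.compile(r"""url\s*=\s*['"]?([^'"\s]+)""", re.I)
JS_LOCATION_RES = (
    re.compile(r"""location(?:\.href)?\s*=\s*['"]([^'"]+)['"]""", re.I),
    re.compile(r"""location\.(?:replace|assign)\s*\(\s*['"]([^'"]+)['"]""", re.I),
)


def _is_hidden(attrs):
    """True for iframes styled away or shrunk to a pixel, the usual kit shape."""
    style = attrs.get("style", "").replace(" ", "").lower()
    if "display:none" in style or "visibility:hidden" in style:
        return True
    dims = []
    for key in ("width", "height"):
        digits = re.sub(r"\D", "", attrs.get(key, ""))
        dims.append(int(digits) if digits else 99)  # absent size: assume visible
    return min(dims) <= 1


class RedirectFinder(HTMLParser):
    """Collects (technique, destination) pairs from an HTML document."""

    def __init__(self):
        super().__init__()
        self.findings = []
        self._script = None  # buffer for the current <script> body, if any

    def handle_starttag(self, tag, attrs):
        a = {k.lower(): (v or "") for k, v in attrs}
        if tag == "meta" and a.get("http-equiv", "").lower() == "refresh":
            m = META_URL_RE.search(a.get("content", ""))
            if m:
                self.findings.append(("meta-refresh", m.group(1)))
        elif tag == "iframe" and a.get("src"):
            kind = "hidden-iframe" if _is_hidden(a) else "iframe"
            self.findings.append((kind, a["src"]))
        elif tag == "script":
            self._script = []

    def handle_data(self, data):
        if self._script is not None:
            self._script.append(data)

    def handle_endtag(self, tag):
        if tag == "script" and self._script is not None:
            body = "".join(self._script)  # scan the whole body, not chunks
            for rx in JS_LOCATION_RES:
                for m in rx.finditer(body):
                    self.findings.append(("js-location", m.group(1)))
            self._script = None


def _host(url):
    return (urlparse(url).hostname or "").lower()


def triage_attachment(html_text, claimed_domains=("bt.com",)):
    """Return every redirect found plus those pointing off the claimed domains.

    claimed_domains is an assumption: the domains a genuine notice from the
    purported sender would legitimately send the reader to.
    """
    parser = RedirectFinder()
    parser.feed(html_text)
    parser.close()
    off_domain = []
    for technique, url in parser.findings:
        host = _host(url)
        on_domain = any(host == d or host.endswith("." + d) for d in claimed_domains)
        if host and not on_domain:
            off_domain.append((technique, url))
    return {"findings": parser.findings,
            "off_domain": off_domain,
            "suspicious": bool(off_domain)}


if __name__ == "__main__":
    for name, doc in (("sample", SAMPLE_ATTACHMENT), ("benign", BENIGN_ATTACHMENT)):
        result = triage_attachment(doc)
        print(name, "suspicious" if result["suspicious"] else "clean", result["off_domain"])
```

The check deliberately reports a redirect to the claimed sender's own domain as a finding but not as suspicious, so a mail gateway can log it without blocking a legitimate notice; anything that redirects a "BT" order confirmation to an unrelated host is what this campaign looks like on the wire, and that is what trips the flag.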