Trend Micro experts have analyzed the latest campaign

Mar 5, 2013 15:23 GMT

Security researchers from Trend Micro reveal that the developers of the notorious BlackHole exploit kit have incorporated a new exploit that targets a Java vulnerability (CVE-2013-0431) addressed by Oracle on February 1.

The attacks that leverage the new exploit start with an email that appears to originate from PayPal. Users who fall for the trick and click on the links contained in the bogus messages are taken, via multiple redirects, to a site that hosts BlackHole.

The malicious code checks whether any vulnerable versions of Adobe Reader, Java or Flash Player are installed on the victim’s device.

If a vulnerable version of Java is identified, a piece of malware that’s designed to steal information stored in web browsers is downloaded and executed.

At the end of the infection chain, victims are redirected to a rogue pharmacy website.

According to experts, the United States and Mexico are the countries most affected by this BlackHole campaign. However, infections have also been spotted in Germany, Latvia, Japan, Australia, the UK, France, Italy and Spain.