Blackhole exploit kit infects computers with allegedly expired certificates

Sep 19, 2011 07:36 GMT  ·  By

After the scandal that formed around DigiNotar, spammers sent emails to banks' business clients informing them that their certificates had expired and urging them to click a link in order to resolve the issue.

Most web browsers and applications banned DigiNotar certificates, which created a lot of confusion and left internet users with a sense of insecurity.

According to SC Magazine, numerous security researchers discovered a series of emails that tried to fool unsuspecting users into thinking something was wrong with their certificates, so that they would visit a website that supposedly fixed the problem.

When the link was clicked, a page hosting an exploit kit was loaded and the system became completely compromised.

“Once the browser visits that site a series of attacks begin which can result in the download of Trojan.Buzus,” revealed a couple of Barracuda Networks security researchers.

While monitoring the malware, they found that, besides stealing login credentials, it also opened a backdoor, giving the attackers access to the infected machine.

According to Carl Leonard of Websense Security Labs, this Blackhole exploit kit does not appear to have been used widely, but the more worrying aspect is that the results of this campaign can be devastating.

He explained that the threat consists of a .scr file that delivers the exploits, adding: “This is not a targeted attack in an advanced persistent threat style, but it looks like a phishing email but this is much more sinister as it delivers an exploit kit and not a standard phish.”

Blackhole seems to be one of cybercriminals' favorite exploit kits; it targets Windows-based systems and is built on PHP and MySQL code to cause damage and steal information.

The worst thing about this piece of malware is that it is hard for anti-virus applications to detect, because it is able to change the name of the file that contains it.