The malicious technique in which cybercriminals send emails pretending to come from a scanner inside an office building is seen again, targeting the email accounts of company staff members.
This time, an email bearing the subject “Re: Scan from a Xerox W. Pro #XXXXXXX,” informs the recipient that a document was sent to him from a Xerox device, Websense informs.
Confused users, who may not know an employee named MAMIE
that sent the email, might rush to click on the link that allegedly points to five image files.
Instead, once clicked, the link redirects the user to a website that hosts the malevolent Blackhole exploit kit. Hiding in an iframe, the exploit kit looks for vulnerable software and once it finds it, executes a shellcode that triggers the execution and download of other pieces of malware.
More than 3,000 of these messages have been discovered so far in this campaign, but since this variant of the Blackhole kit is more advanced, offering cybercriminals the possibility to tweak their malware, the number may increase.
The Blackhole expoloit kit is usually rented by users and this latest version offers a number of improvements, such as administration options for smartphones, and an option for the kit to utilize underground audio and video scanners for malware.
Internet users who come across such emails, especially those who receive them on company emails, are advised to ignore them and report them to the organization’s IT department so that they take the appropriate measures to mitigate the attack.
IT departments should raise awareness among other members of the staff to make sure they know how to handle these and other similar threats. As recent reports show, cybercriminals mostly rely on social engineering to complete their malicious tasks and if users are well informed, their chances of succeeding drop significantly.