Trend Micro Incorporated (TYO: 4704; TSE: 4704), a global leader in security software and solutions, has discovered cybercriminals once again capitalizing on the latest euphoria, this time the birth of the royal baby of Prince William and Catherine, to defraud unsuspecting online users through spam emails. Sent less than 12 hours after the birth, these emails contain a malicious link that promises live updates on the birth and appear to be from ScribbleLive, a genuine service used by major news organizations for real-time news delivery. Clicking the link activates the JS_OBFUSC.BEB script, which triggers multiple redirections that ultimately lead the victims to a Blackhole Exploit Kit (BHEK) landing page. The page determines the victims’ software version so that the correct exploit can be used against them.
The Blackhole Exploit Kit offers cybercriminals great convenience, as it allows them to modify the different aspects of a spam run: its social engineering lure, the exploits it uses, and its payloads. The social engineering lures often come in the form of trending news, such as the Boston Marathon incident and the election of Pope Francis. Although this is an old trick, online users still fall for social engineering lures because they are timely.
For an in-depth look at this series of attacks, see http://blog.trendmicro.com/