E-mail scams tout Syrian invasion, WW III

Websense Security Labs has been intercepting waves of bogus e-mails, purporting to come from “FoxNews.com Editors,” announcing an invasion of Syria by United States military forces.

One headline reads, “US deploys 25,000 troops in Syria,” and text in the e-mail points to links to breaking news stories about the “invasion” and current upheaval in Syria. A few of the headlines even suggest that this may indeed be the start of World War III.

If you were unfortunate enough to click on a link in the legitimate-looking email, your computer was redirected to a site that installed a Trojan program designed to steal your banking, social media and ecommerce details and passwords, says Alex Watson, Websense’s director of security research.

The malicious payload is related to the Cridex family of malware, typically used to steal banking credentials as well as harvest personally identifiable information (PII) and other confidential data for criminal gain, Watson says in a blog post.

“The campaign appears to have targeted a variety of industries and countries, as of 1600 PST on June 27th, the Websense ThreatSeeker Intelligence Cloud had detected and blocked over 60,000 samples,” he says.

Watson says low-level hackers using a type of widely available Blackhole exploit kit appear to be behind the attack.
Blackhole kits make the tainting of legitimate websites child’s play for novice hackers. These kits are easy to configure and automate, requiring little tech savvy beyond drag-and-drop skills.

“The frightening aspect of this attack is how well this email is crafted to social-engineer users to click. The criminals responsible for this campaign have devised not only a legitimate looking email, but one that uses topical, sensational subject matter reinforced at multiple points in the email,” says Watson. “When you combine the sophistication of the social-engineering in this e-mail with the Blackhole exploit kit’s ability to obfuscate the malicious code from security solutions, this makes it even more challenging for businesses to protect against malicious cybercriminal attack.”
