While the world waited with bated breath for the arrival of the royal baby, malware authors were hard at work creating new threats to capitalise on the event.
Kaspersky Lab security researcher Michael Molsner said in his blog that it doesn't take long for cyber criminals to exploit big news.
An e-mail promising: "The Royal Baby: Live updates" found its way into Kaspersky Lab's spam traps yesterday. It contained a link called "Watch the hospital-cam", which is a trap. Currently, the link leads nowhere; Molsner says that, by the looks of it, it may have pointed to a compromised legitimate Web site that has subsequently been cleaned.
Molsner says Kaspersky Lab investigated what the malicious content could be, and didn't need to look far. The site was serving malicious JavaScript files designed to infect browsers with the Blackhole infection kit - a well-known threat whose purpose is to deliver a malicious payload to a victim's computer. It is rumoured to have been created by two Russians called "HodLuM" and "Paunch".
Blackhole is licensed by a 'customer' from the authors, and can be customised. The victim will either load a compromised Web page, or open a malicious link in a spam e-mail, as in this particular case. The compromised Web page or link sends the user to a Blackhole exploit kit server's landing page, which contains obfuscated JavaScript that determines what is on the victim's computer.
It then bombards the user's browser with exploits that go after various vulnerabilities, until one of them is successful. Sometimes it also loads a Java applet tag that loads a Java Trojan horse.
According to Threatpost, it's a 'shotgun approach to exploitation and malware installation, and it's been quite successful for a variety of attack groups'. Drive-by downloads have also claimed a number of victims over the past few years, and these operations use current events as a lure for the spam campaigns that direct visitors to the compromised sites.
In recent years, there has been a spate of cyber crime exploiting big-news stories. Cyber criminals are like pickpockets; they go where the crowds are.


