Cyber criminals targeted users of Skype, Facebook and Windows using multiple Blackhole exploits in October, according to the latest threat report from security firm GFI Software.
Christopher Boyd, senior threat researcher at GFI Software, said the Blackhole exploit kit is one of the biggest dangers that internet users face.
“It is the chameleon of internet threats. It simplifies the process of creating cybercrime campaigns and is easily adapted to take advantage of the buzz surrounding major news events and popular brands,” he said.
However, Boyd said these attacks are relatively easy to avoid by incorporating basic internet safety practices into daily browsing.
“Users should verify the source and destination of any link before clicking and they should never run executable files unless they are positive that the source is legitimate,” he said.
Read more about Blackhole exploits
- Twitter users targeted by Blackhole malware
- Java zero-day vulnerability hits Metasploit and Blackhole
- Researchers begin analysing Black Hole exploit kit revisions
- Black Hole kit fuels drive-by attacks, rogue antivirus declines, Sophos finds
- Oracle-owned MySQL.com hacked, serves malware to visitors
The compromised links can be customised to target customers of specific companies, members of various social networking sites, or general internet users seeking information on popular news stories and events.
Researchers found that just days before the release of Microsoft’s Windows 8, some users encountered spam emails offering a free “Microsoft Windows License”. Users who clicked the malicious link and downloaded the accompanying file were hit with a Blackhole exploit and infected with a Cridex Trojan.
Another spam email campaign targeted Facebook users with a message claiming that their account was locked and needed to be re-verified. The links led to Blackhole exploits and a Zeus Trojan disguised as an Adobe Flash Player download.
The Blackhole exploit kit is one of the biggest dangers that internet users face
Skype users were also targeted by multiple campaigns. Some received spam emails containing phony voicemail notifications. Users who clicked on the Blackhole links were infected with a Zeus Trojan. Other users were confronted with spam messages from their Skype contacts containing generic questions about their profile picture and a link to a Trojan which infected their systems, deleted itself and began making DNS requests to various malicious URLs.
While many of these sites were quickly taken down, the spam campaign began hijacking victims’ PCs for click fraud and directing them to ransomware messages, demanding payment of fines for illegal file-sharing.