A series of surprisingly complex spam campaigns have been linked to one source.
According to a report from Darkreading.com, recent spam campaigns using messages made to look like they were sent by companies such as Facebook, LinkedIn, American Express, Paypal, FedEx, The Apple Store, Delta Airlines and many more, are all part of a single, carefully carried out attack that was designed to steal as many people’s financial details as possible. The attack used malware known as the Blackhole Exploit Kit. This malware uses a variant of the infamous Zeus Trojan to do its dirty work.
According to Darkreading.com, the attack works like this:
“A user receives the fraudulent but convincing-looking email, and if he or she visits an embedded link in the message, then the victim is directed to a known and legitimate website that the attackers have compromised. (Trend Micro would not reveal which sites were hacked). A page there redirects the user to a malicious website or the landing page. There the user’s machine is scanned for potential vulnerabilities that, when found, can be exploited and infect the machine with the information-stealing malware.”
Unlike traditional spam campaigns, this one is tremendously complex and blends phishing with drive by downloads, spear phishing, and traffic redirection. So far they’ve brandjacked nearly 100 top brands and companies. What’s not clear is why and how the victims of the attack were targeted .
Could the hackers behind the attack be using data stolen during one of the recent string of data breaches? Have the brands and companies used in the attacks been compromised and not even know it? There are no answers yet but what is clear is the hackers behind this attack are not your average joes at all.