Scammers Take Advantage of Royal Baby Hype
In light of recent events, cyber criminals have devised a plan to exploit the buzz surrounding the birth of the future king. Using spam email, they direct fans of the newborn baby to a domain which serves the Black Hole exploit kit.
This campaign started a few days ago, at the time when Kate Middleton went into labor. The scammers sent millions of emails to recipients worldwide. The text of each email contains a link which supposedly leads to a website providing a live feed about the birth of the baby. When users click on the link, they are directed to a webpage which in turn provides another link, and that second link leads to the malicious website mentioned above. Fortunately, the first webpage and its link have now been deleted. Nevertheless, investigators discovered three more URLs that are used in the same manner. If you enter the original URL in a search engine, you will get only one result, which according to Kaspersky Lab experts is quite interesting.
A researcher from Kaspersky Lab, Michael Molsner, says that the company found the same text on that webpage as in the emails distributed by the scammers, with one difference: the link supposedly leading to “hospital-cam” is still working on the newly discovered webpage. The page also has three more links with *.js names on completely different hosts. Further investigation of those webpages revealed the methods used to infect computers. According to the researchers, the domain used a drive-by approach to drop the malware; thus the PCs were infected in complete secrecy.
Currently, Black Hole is one of the most dangerous and widely used exploit kits. Although it was created a few years ago, at first its sales were restricted by the developers. This situation changed in 2011, when a free version of Black Hole appeared on the internet. As a result, the number of crimes committed using this software has increased rapidly. The cyber criminals usually employ similar tactics. They create a domain which is completely safe at first, and then compromise it with the exploit kit, which looks for vulnerabilities in the visitors’ computers.
These tactics have proved quite successful, so they are now used by many organised groups. All in all, the drive-by-download infection method is very popular among hackers; currently it is one of the main reasons computers get infected. The criminals often use popular events, such as the birth of the future king, to trick users. They often send spam email supposedly containing links associated with the events, but those links usually lead to malicious webpages which look for a chance to infect the PCs. That’s why it is so important to deal with unknown emails very carefully.