Blackhole Malware Lurks Behind Royal Baby Announcement
While there was a great deal of intrusive speculation leading up to the birth of the Duke and Duchess of Cambridge’s son, the malicious action didn’t start until after Prince George’s arrival.
Kaspersky Lab researcher Michael Molsner reported on July 24 (two days after the prince’s birth) that the company’s spam traps had flagged a suspicious email. The suspect email was titled “The Royal Baby: Live Updates.” Within this email was a link, “Watch the hospital-cam.” Interestingly, the link within the email itself went nowhere.
Molsner speculates that this link was leading to a compromised website that had been recently cleaned. A quick Internet search using the link’s title turned up just one hit.
The Blackhole exploit kit is one of the most prevalent security threats, accounting for nearly 30 percent of all threats detected by security vendor Sophos between October 2011 and March 2012. This piece of crimeware, believed to have been developed by Russian cybercriminals, is incredibly efficient at its job: exploiting vulnerabilities in a computer’s browser to trick it into downloading and running malware covertly, without the user’s knowledge.
Once the computer is infected, the perpetrator then delivers its payload, which could be anything from ransomware to a rootkit — basically opening up that computer to further exploitation. Typically, the perpetrator then “sells” this compromised PC to others for whatever malicious activity they are planning.
Minimum defensive moves to protect against Blackhole include running antivirus and host-based intrusion-prevention systems on the machine and keeping all browsers, browser plugins and operating systems up to date.