
Fake Blackhole Exploit Kit Amazon Email

The number one spreading web threat right now is known as the Blackhole Exploit Kit. How do you get it? Simply by clicking a link in a remarkably legitimate-looking email.

The purpose of the exploit kit is to fill your computer with malicious software once you click a link in an email. It’s essentially a Trojan.

Find out more about the exploit kit and how it works on Wikipedia.

An exploit kit is definitively “Crimeware”.

Crimeware is designed (through social engineering or technical stealth) to perpetrate identity theft in order to access a computer user’s online accounts at financial services companies and online retailers for the purpose of taking funds from those accounts or completing unauthorized transactions that enrich the thief controlling the crimeware. Crimeware also often has the intent to export confidential or sensitive information from a network for financial exploitation.

Just take a look at the above email. The email tells me that a new TV was shipped from Amazon, via my account, to some address in Florida.
I would like a new TV but certainly wouldn’t ship it to Florida if I did buy one.
Of course the natural reaction is to click on a link in the email to see exactly what is going on and why you’re buying someone else a TV.

This isn’t the case though – look closely at the email.

Firstly the email didn’t come from Amazon – it came from a “Dino Delacruz” – this is a dead giveaway.

Other subtle mistakes in the email include the code error at the top of the message (next to “Your Orders”), multiple periods after the word Order, a lack of tracking information (it’s hard to track what isn’t there), misuse of uppercase letters and more.
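The sender giveaway described above can also be checked mechanically, along with where the message's links actually point. The following is an added example, not part of the original post; the sample message, its addresses and its link hosts are constructed placeholders, and `check_message` and `on_domain` are hypothetical helper names.

```python
import email.policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample message; the address and link hosts are placeholders.
# Assumption: the message claims to be from Amazon, so amazon.com is expected.
SAMPLE = """\
From: Dino Delacruz <dino@mailer.example>
Subject: Your Amazon.com order has shipped
Content-Type: text/html; charset="utf-8"

<html><body><p>Your Orders</p>
<a href="http://tracking.example.net/view?id=1">Your Orders</a>
<a href="https://www.amazon.com/help">Help</a>
</body></html>
"""

class LinkCollector(HTMLParser):
    """Collects the href of every <a> tag in an HTML body."""
    def __init__(self):
        super().__init__()
        self.hrefs = []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs += [v for k, v in attrs if k == "href" and v]

def on_domain(host, domain):
    """True if host is the domain itself or a subdomain of it."""
    host = (host or "").lower().rstrip(".")
    return host == domain or host.endswith("." + domain)

def check_message(raw, brand_domain="amazon.com"):
    """Return findings for a message that claims to come from brand_domain."""
    msg = email.message_from_string(raw, policy=email.policy.default)
    findings = []
    name, addr = parseaddr(str(msg["From"]))
    if not on_domain(addr.rpartition("@")[2], brand_domain):
        findings.append(f"sender {name!r} <{addr}> is not at {brand_domain}")
    body = msg.get_body(preferencelist=("html",))
    collector = LinkCollector()
    collector.feed(body.get_content() if body else "")
    for href in collector.hrefs:
        if not on_domain(urlparse(href).hostname, brand_domain):
            findings.append(f"link leaves {brand_domain}: {href}")
    return findings

if __name__ == "__main__":
    for finding in check_message(SAMPLE):
        print(finding)
```

A clean result here is not proof of legitimacy, because the From header can be forged; it only catches the kind of mismatch this email shows.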

AVG Detection message. Blackhole Exploit Kit

Simply clicking on any link in the email takes you straight to a malicious web page. This page contains only the text:

“Thank you for shopping with us. We thought you’d like to know that we shipped your item, and that this completes your order. Your order is on its way, and can no longer be changed. If you need to return an item from this shipment or manage other orders, please visit Your Orders on Amazon.com

ORDER #002-8015892-4413019

This shipment does not have an associated tracking or delivery confirmation number.”

Of course this isn’t a standard Amazon message.

Knowing what a malicious email looks like and what would happen if I clicked, I took the risk, purely for the purposes of this post, to see what happened. As expected, my updated, free version of AVG alerted me at once to the issue and immediately removed the kit.

How can you prevent computer exploits like this? Well, install and update your antivirus software. There are a lot of free antivirus applications out there. I usually recommend AVG.

How can you clean up your computer if you are subject to an exploit kit? Well, that depends on the severity of the infection. Drop a comment and we’ll talk about it.
