Same Operation, Diversification Of Targets Being Spoofed: Current Black Hole Exploit Kit Spam Runs

Jun12
Same Operation, Diversification of Targets Being Spoofed: Current Black Hole Exploit Kit Spam Runs
Recent Changes in Black Hole Exploit Kit Spam Runs

As a continuation of our efforts to protect customers as outlined in our previous post, this post is an update on the current Black Hole Exploit Kit spam run activity. We’ve been identifying Black Hole Exploit Kit spam runs for a while and so far, it continues to have high activity. These spam runs remain a concern for organizations spoofed by spammers, owners of compromised websites, and the number of users receiving these phishing emails. The solutions we’ve released for these spam runs with unique insight from big data analysis and the power of Trend Micro Smart Protection Network are still effectively detecting and addressing email sent by spammers.

Changes in Black Hole Exploit Kit Spam Runs

We’ve noticed recently that while the same strategy is still being used, the spammers have now added new legitimate organizations to spoof. Specifically, they mimic legitimate emails from these entities in phishing email to lure users into clicking the URL in the message. The attack starts with spam containing a link to a compromised website which redirects users to the website where malware is hosted. As mentioned, the difference is that the organizations that are spoofed in the attack have diversified.

Recent Activity with Diversified Organizations - read here: http://blog.trendmicro.com/