Cyber criminals target Skype, Facebook and Windows users

Cyber criminals targeted users of Skype, Facebook and Windows using multiple Blackhole exploits in October, according to security firm GFI Software

Cyber criminals targeted users of Skype, Facebook and Windows using multiple Blackhole exploits in October, according to the latest threat report from security firm GFI Software.

Researchers uncovered a large number of Blackhole exploits disguised as Windows licences, Facebook account verification emails, Skype voicemail notifications and spam messages.

Christopher Boyd, senior threat researcher at GFI Software, said the Blackhole exploit kit is one of the biggest dangers that internet users face.

“It is the chameleon of internet threats. It simplifies the process of creating cybercrime campaigns and is easily adapted to take advantage of the buzz surrounding major news events and popular brands,” he said.

However, Boyd said these attacks are relatively easy to avoid by incorporating basic internet safety practices into daily browsing.

“Users should verify the source and destination of any link before clicking and they should never run executable files unless they are positive that the source is legitimate,” he said.

Read more about Blackhole exploits

  • Twitter users targeted by Blackhole malware
  • Java zero-day vulnerability hits Metasploit and Blackhole
  • Researchers begin analysing Black Hole exploit kit revisions
  • Black Hole kit fuels drive-by attacks, rogue antivirus declines, Sophos finds
  • Oracle-owned MySQL.com hacked, serves malware to visitors

Blackhole exploits require victims to open links to compromised websites hosting a file that must be downloaded and executed to complete the attack. This file contains a JavaScript which scans for unpatched software and other vulnerabilities before deploying the appropriate exploits and infecting a machine.

The compromised links can be customised to target customers of specific companies, members of various social networking sites, or general internet users seeking information on popular news stories and events.

Researchers found that just days before the release of Microsoft’s Windows 8, some users encountered spam emails offering a free “Microsoft Windows License”. Users who clicked the malicious link and downloaded the accompanying file were hit with a Blackhole exploit and infected with a Cridex Trojan.

Another spam email campaign targeted Facebook users with a message claiming that their account was locked and needed to be re-verified. The links led to Blackhole exploits and a Zeus Trojan disguised as an Adobe Flash Player download.

The Blackhole exploit kit is one of the biggest dangers that internet users face

Skype users were also targeted by multiple campaigns. Some received spam emails containing phony voicemail notifications. Users who clicked on the Blackhole links were infected with a Zeus Trojan. Other users were confronted with spam messages from their Skype contacts containing generic questions about their profile picture and a link to a Trojan which infected their systems, deleted itself and began making DNS requests to various malicious URLs.

While many of these sites were quickly taken down, the spam campaign began hijacking victims’ PCs for click fraud and directing them to ransomware messages, demanding payment of fines for illegal file-sharing.


Image: Thinkstock

Read more on Hackers and cybercrime prevention