
Spam relating to #DigiNotar certificates is detected


The DigiNotar hack and the subsequent revocation of trust by major browsers have led to spam being detected that relates to the incident.

Research by Barracuda Labs found that consumer confusion over the DigiNotar certificate forgeries has resulted in spam emails being pitched directly at business customers of banks, in an attempt to convince them that their SSL certificate has expired.

Security researchers Dave Michmerhuizen and Luis Chapetti said that while the spam is very standard in its appearance, the message is much more dangerous.

They said: “The spammers try to create a sense of urgency with the hope that you will click one of the links to see what happens; which in this case is a particularly bad idea because the second link in the message directs the browser to a server hosting an exploit kit.

“Once the browser visits that site a series of attacks begin which can result in the download of Trojan.Buzus. This nasty payload steals login credentials and opens a backdoor allowing remote control of the now-infected computer.”

Barracuda said that it is seeing more and more overtly malicious spam directing users to sites such as these ever since the Blackhole exploit kit became widely available earlier this year.

Carl Leonard, security research manager at Websense Security Labs, told SC Magazine that this was a low volume campaign of less than 100 messages. He said: “It took the user to a .scr file that delivered the exploits. But this shows that scammers are tuned into the hot topics.

“This is not a targeted attack in an advanced persistent threat style; it looks like a phishing email, but it is much more sinister as it delivers an exploit kit and not a standard phish.

“Sometimes we do see a test run on phishing messages, but as this happened four days ago, we may see more tomorrow or the sender may decide not to bother with it.”

He also said that, according to Websense's statistics, the Blackhole exploit kit was currently one of the most popular kits in the wild. Websense has previously said that Blackhole is based on PHP with a MySQL backend, and that it usually targets Windows operating systems and the applications installed on them.

It also allows the file name of a malicious payload to be changed so that it evades anti-virus detection, and its exploits are encrypted with custom algorithms.
