
Spam relating to #DigiNotar certificates is detected


The DigiNotar breach and the subsequent revocation of trust in its certificates by the major browsers has led to spam being detected that relates to the incident.

Research by Barracuda Labs found that consumer confusion over the DigiNotar certificate forgeries has resulted in spam emails being pitched directly at business customers of banks, attempting to convince them that their SSL certificate has expired.

Security researchers Dave Michmerhuizen and Luis Chapetti said that while the spam is standard in appearance, the message is much more dangerous.

They said: “The spammers try to create a sense of urgency with the hope that you will click one of the links to see what happens, which in this case is a particularly bad idea because the second link in the message directs the browser to a server hosting an exploit kit.

“Once the browser visits that site a series of attacks begin which can result in the download of Trojan.Buzus. This nasty payload steals login credentials and opens a backdoor allowing remote control of the now-infected computer.”

Barracuda said that it is seeing more and more overtly malicious spam directing users to sites such as these ever since the Blackhole exploit kit became widely available earlier this year.

Carl Leonard, security research manager at Websense Security Labs, told SC Magazine that this was a low volume campaign of less than 100 messages. He said: “It took the user to a .scr file that delivered the exploits. But this shows that scammers are tuned into the hot topics.

“This is not a targeted attack in an advanced persistent threat style; it looks like a phishing email, but it is much more sinister as it delivers an exploit kit and not a standard phish.

“Sometimes we do see a test run on phishing messages, but as this happened four days ago, we may see more tomorrow or the sender may decide not to bother with it.”

He also said that, according to Websense's statistics, the Blackhole exploit kit was currently one of the most popular kits in the wild. Websense has previously said that Blackhole is based on PHP with a MySQL backend, and that it usually targets Windows operating systems and the applications installed on them.

It also allows the malicious payload's filename to be changed to evade anti-virus detection, and its exploits are encrypted with custom algorithms.
