
Spam relating to #DigiNotar certificates is detected


The DigiNotar hack and the subsequent revocation of trust in its certificates by major browsers has led to spam being detected that relates to the incident.

Research by Barracuda Labs found that consumer confusion over the DigiNotar certificate forgeries has resulted in spam emails being pitched directly at business customers of banks in order to convince them that their SSL certificate has expired.

Security researchers Dave Michmerhuizen and Luis Chapetti said that while the spam is very standard in its appearance, the message is far more dangerous than it looks.

They said: “The spammers try to create a sense of urgency with the hope that you will click one of the links to see what happens, which in this case is a particularly bad idea because the second link in the message directs the browser to a server hosting an exploit kit.

“Once the browser visits that site a series of attacks begin which can result in the download of Trojan.Buzus. This nasty payload steals login credentials and opens a backdoor allowing remote control of the now-infected computer.”

Barracuda said that it is seeing more and more overtly malicious spam directing users to sites such as these ever since the Blackhole exploit kit became widely available earlier this year.

Carl Leonard, security research manager at Websense Security Labs, told SC Magazine that this was a low-volume campaign of fewer than 100 messages. He said: “It took the user to a .scr file that delivered the exploits. But this shows that scammers are tuned into the hot topics.

“This is not a targeted attack in an advanced persistent threat style; it looks like a phishing email, but it is much more sinister as it delivers an exploit kit and not a standard phish.

“Sometimes we do see a test run on phishing messages, but as this happened four days ago, we may see more tomorrow or the sender may decide not to bother with it.”

He also said that, according to Websense's statistics, the Blackhole exploit kit was currently one of the most popular kits in the wild. Websense has previously said that Blackhole is based on PHP with a MySQL backend, and that it usually targets Windows operating systems and the applications installed on them.

It also allows the malicious payload file's name to be changed to evade anti-virus detection, and its exploits are encrypted with custom algorithms.
