Thursday, April 17, 2014

BlackHole being used to target businesses

Hackers launched an attack campaign earlier this week in which they sent out a mass of emails purporting to come from the financial software developer Intuit.

The emails carried links that led to sites hosting the Blackhole exploit kit in an obvious attempt to infect the machines of corporate users.

In a Webroot analysis, Dancho Danchev explains that the two separate campaigns mimicked Intuit Payroll’s direct deposit system in the hope that recipients would follow the malicious links included in the emails and thus infect themselves via the latest version of the Blackhole exploit kit.

The exploit kit is serving an exploit for an Adobe vulnerability from two years ago, CVE-2010-0188. Successful exploitation loads ‘MD5: 5723f92abf257101be20100e5de1cf6f’ and ‘MD5: 06c6544f554ea892e86b6c2cb6a1700c’ onto the host.

The various malicious domains used in the campaign resolved to the same set of IP addresses. You can find a list of the malicious URLs in Danchev’s write-up.

About FastFlux

Owner of ZeroSecurity, interested in programming, malware analysis and penetration testing. If you are interested in joining the ZeroSecurity team, please use the contact forum located above to contact us.
