It's tough being a malware distributor – you can't exactly go around asking people to install your malware – you need to be creative. So a global news story such as the election of Pope Francis is too good an opportunity to pass up.
The attack, launched a few days after the white smoke cleared, is based on large volumes of emails from "CNN Breaking News" with subject lines such as:
- Opinion: Family sued new Pope. Exclusive!
- Opinion: New pope tries to shake off the past
- Opinion: Can New-Pope Benedict be Sued for the Sex Abuse Cases?
The second part of the attack relies on hacked websites that redirect to sites hosting the Blackhole exploit kit.
- The kit, reportedly available for rent, allows its controller to set up a drive-by malware website.
- Recipients of the pope email who click on the links will visit one of the webpages set up with Blackhole.
- Once the kit has determined that there is a vulnerability – for example, in an older version of Adobe Flash found on the visiting system – the relevant exploit is loaded, allowing the controller to gain a foothold on the infected system.
- Finally, the Blackhole controller, having gained control of the visitor, can now deliver further malicious content. This could include a wide range of badware such as fake AV, ransomware, or logging software to steal banking and Web credentials. Brian Krebs has a neat summary of all the bad things malware can possibly do nowadays.
For those not interested in the goings on in Rome, the spammers also sent out emails "from" the BBC offering more details about the financial bailout in Cyprus.
Note that, in both cases, the email senders and the malware distributors may not be the same gangs – in this case the spammers receive affiliate revenue from any traffic they successfully direct to the sites hosting the Blackhole kits.
The best defense against this sort of drive-by Web malware is an updated, patched version of Windows, Flash, Adobe Reader, and Java. And of course, go to the actual websites of CNN and the BBC for genuine news stories.
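
On the mail-filtering side, the mismatch described above (a display name claiming CNN or the BBC while the sender address and links point elsewhere) can be checked mechanically. The following is an added example, not part of the original post; the brand-to-domain table, the function names and the sample message (with `.example` placeholder hosts) are constructed assumptions.

```python
import email
from email import policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: the two outlets named in the post, mapped to their real domains.
BRAND_DOMAINS = {"cnn": ("cnn.com",), "bbc": ("bbc.co.uk", "bbc.com")}

# Constructed sample message; the .example hosts are placeholders.
SAMPLE = (
    'From: "CNN Breaking News" <alerts@mailer.example>\n'
    "Subject: Opinion: New pope tries to shake off the past\n"
    'Content-Type: text/html; charset="utf-8"\n'
    "\n"
    '<a href="http://compromised-site.example/news.html">Full story</a>\n'
    '<a href="http://www.cnn.com/">CNN.com</a>\n'
)

class LinkCollector(HTMLParser):
    """Collects the href of every <a> tag in an HTML body."""
    def __init__(self):
        super().__init__()
        self.hrefs = []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs += [v for k, v in attrs if k == "href" and v]

def on_domain(host, domains):
    # True for the registered domain itself or any subdomain of it.
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in domains)

def check_message(raw):
    # Returns (kind, host) pairs where the claimed brand and real hosts disagree.
    msg = email.message_from_string(raw, policy=policy.default)
    display, addr = parseaddr(str(msg["From"]))
    body = msg.get_body(preferencelist=("html",))
    links = LinkCollector()
    links.feed(body.get_content() if body else "")
    findings = []
    for brand, domains in BRAND_DOMAINS.items():
        if brand not in display.lower().split():
            continue  # display name does not claim this brand
        sender = addr.rpartition("@")[2]
        if not on_domain(sender, domains):
            findings.append(("sender", sender))
        for href in links.hrefs:
            host = urlsplit(href).hostname
            if host and not on_domain(host, domains):
                findings.append(("link", host))
    return findings
```

A display-name match is only a heuristic: it flags messages for review and does not replace patching the browser plugins the exploit kit targets.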