contadores de paginas web Saltar al contenido

Spam emails circulate with links that infect on clicking (Blackhole exploit kit)

correo falso con enlace malicioso

They are circulating Spam emails that automatically try to infect users by clicking on a link, one of the variants can be seen below. The message simulates being sent by an airline:

When the user clicks it opens a page that only shows the message Please wait a moment. You will be forwared… (please wait a moment, be redirected). This page is actually malicious and while the victim is waiting she is silently bombarded with different exploits that seek to infect her computer, something similar to what I show in this video.

In the source code of the page you can see that in addition to the waiting message there is a obfuscated script, clearly indicated that something strange is happening:

Attackers often obfuscate or encode scripts to make their analysis more difficult and to prevent them from being interpreted at first glance. In the following screenshot you can see part of the unsubscribed script, its function is to load by means of a iframe to another page that contains the malicious codes, in this case it is the Blackhole kit:

As we see, what starts with a simple email and a link can end with the infected computer automatically. This can happen, as I have commented several times, when the browser, its add-ons and the operating system are not updated … because the function of the exploit kits is to search and precisely exploit vulnerabilities of the software.

Attack variant:

Recently I was commenting on a similar case, it all started with a fake Twitter email that loaded a malicious page with the message Please Wait Loading … In the following screenshot you can see another variant that instead of including a link, comes with a HTML attachment that when opened in the browser loads the exploits:

Video chat about vulnerabilities and exploits:

You can see a demo of these automatic attacks and learn more about it in this talk given by Chema Alonso and Nico Waisman, it is a presentation suitable for all audiences, that is, entertaining and easy to understand.