- V3 Apps
McAfee has uncovered a new cyber campaign sending out malicious spam messages pretending to come from high-profile companies such as Facebook and LinkedIn.
The security firm reported uncovering a new automated spam campaign using the Blackhole exploit kit in a blog post on Thursday.
"[We've seen a number of] spam campaigns based on the Blackhole Exploit Kit send messages that contain links to compromised legitimate websites, which serve hidden iframes and redirections that exploit vulnerabilities across operating systems - from Android to Windows," wrote McAfee's Paras Gupta.
"Spam themes vary rapidly and are disguised to appear as legitimate messages from familiar services. Campaigns spoofing Facebook, LinkedIn, American Airlines, and various banking services carry embedded links to malware."
The campaigns are becoming increasingly common although the exact malware used in each campaign varies greatly.
McAfee linked the campaigns to malware designed to do everything from enslaving the infected machine to a criminal botnet to basic data theft.
The use of big name companies by criminals is an ongoing problem for the security community.
McAfee said that the issue is getting worse as criminals are developing new ways to make the messages look legitimate so people are more likely to trust them and click the malicious link.
"Spammers abuse email templates from familiar service providers by capturing automated emails, replacing links in the template with links to malware, and rebroadcasting those messages to harvested or predicted recipients," wrote Gupta.
"This tactic has proven effective for spammers. Recipients are likely to click links in familiar-looking emails and often create custom whitelist entries for common sending domains without enforcing Sender Policy Framework or DomainKeys Identified Mail validation."
Security firm Webroot reported uncovering a new online black market selling stolen business contact details of executives from Forbes 100 companies to help criminals mount spam campaigns, underlining the extent of this issue.