BBC and CNN spam linked to Blackhole exploit kit

Security firm AVG has linked a series of malicious email messages masquerading as news alerts from the BBC and CNN to the infamous Blackhole exploit kit.

AVG reported uncovering malware-infested messages purporting to be news alerts for BBC and CNN alerts, with titles such as "New Pope sued over sex abuse".

Businesses have been warned that the fake messages included malicious links to malware-laden sites related to the Blackhole exploit kit.

"AVG Web Threats researchers have found spam from scammers using the Blackhole exploit kit that use the issue of sex abuse scandals in the Catholic Church as bait," AVG warned.

"Clicking on the link in the email takes the victim to an exploit kit. The Java download icon suggests that Java is being used to exploit the users PC."

The security vendor said that it has since linked the attack to several other bogus BBC news alert messages.

"The researchers discovered another message that the same malicious individual or group is using in their spam campaign. It reports another user saw an BBC News report on the Cyprus debt deposit tax and thought you should see it," reads AVG's statement.

The scam is one of many to target flaws in Oracle's Java platform. Previously, numerous security firms have reported detecting automated scams using exploit kits like Blackhole targeting Java.

Most recently security firm MalwareBytes reported detecting a new ransomware variant being spread by the Neutrino exploit kit, targeting Java with a fake Skype file.

Finnish security F-Secure to said the influx of new attacks means Java is currently cyber criminals' victim of choice in its 2012 H2 Threat Report in February.

• Tweet  
• Facebook  
•  
•  
• Send to  

• Topics
• Security
• AVG
• Hacking
• malware
• cyber-crime
• Java