Spamvertised 'PayPal payment notifications' lead to client-side exploits and malware

Summary:A currently spamvertised malicious campaign is impersonating PayPal in an attempt to trick end and corporate users into clicking on exploits-serving links.

PayPal users, beware! A currently spamvertised malicious campaign is impersonating PayPal in an attempt to trick end and corporate users into clicking on exploits-serving links found in the emails.

Upon clicking on the links, users are exposed to the client-side exploits served by the most popular Web malware exploitation kit currently in use by cybercriminals - the BlackHole exploit kit.

The campaign ultimately drops the following MD5: 4f58895af2b8f89bd90092f08fcbd54f currently detected by 17 out of 42 antivirus vendors.

Who's behind this campaign? Over the past couple of months, a single cybercriminal, or a gang of cybercriminals have been systematically rotating the impersonation of multiple companies in an attempt to trick end users into clicking on their exploits-serving links.

So far, the gang has impersonated U.S Airways, Verizon Wireless and LinkedIn, and the campaigns show no signs of slowing down.

End and corporate users are advised to ensure that they're running the latest versions of their third-party software, and browser plugins in an attempt to avoid being exploited by the BlackHole web malware exploitation kit.

Topics: Security, Banking, Enterprise Software, Malware

About

Dancho Danchev is an independent security consultant and cyber threats analyst, with extensive experience in open source intelligence gathering, and cybercrime incident response. He's been an active security blogger since 2007, and maintains a popular security blog sharing real-time threats intelligence data with the rest of the community... Full Bio

zdnet_core.socialButton.googleLabel Contact Disclosure

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.