Researchers from WebSense are reporting on three currently active malware campaigns that either attempt to trick end users into opening malicious HTML files or automatically exploit vulnerable PCs through the recent Adobe zero-day flaw (CVE-2010-1297).
The first campaign is using a FIFA World Cup scandal theme, whereas the second is relying on the well-known (see Fake Conficker Infection Alerts) "Virus Infection" alert theme. The Adobe zero-day flaw exploitation is taking place through a mass SQL injection attack currently affecting thousands of pages.
The ongoing mass SQL injection attack is closely related to another mass injection campaign that took place earlier this week:
"The attack is closely related to the hxxp://ww.robint.us/[REMOVED].js attack earlier this week that our friends at Sucuri blogged about, where the common theme was that all Web sites were running on Microsoft IIS and used ASP.NET. In fact, the majority of sites compromised by the new mass injection attack still have the robint.us code present."
The company published a video demonstrating what happens on an affected computer. A patch for the Flash flaw has already been released, with Acrobat's patch set to be released by June 29th. Users are always free to switch to an alternative PDF reader.
More details on the FIFA/Virus Alerts themed campaigns:
- Malware Watch: iTunes gift certificates, Skype worm, fake CVs and greeting cards
- Malware Watch: Rogue Facebook apps, fake Amazon orders, and bogus Adobe updates
- Malware Watch: Twitter password reset emails, IRS-themed crimeware, malicious PDFs, and fake YouTube pages
With FIFA-themed scams and drive-by download campaigns likely to escalate, consider going through the related "Protection tips for the upcoming FIFA World Cup themed cybercrime campaigns" and "Ultimate guide to scareware protection" posts.