Banking crisis in Cyprus is now being used in a spam campaign promoting the Blackhole exploit kit and the Win32/Cridex Trojan.
[Update: hat tip to Kafeine for pointing out that we cited the wrong CVE number. Now corrected in the text.]
Sadly, Cyprus has been the source of bad news lately. Even sadder, nothing travels faster than bad news, and bad people are all too ready to use bad news to trick their victims into opening bad files. My colleague Aleksandr Matrosov has alerted us to a spammed out message crammed with malicious links. Here’s a screenshot:
Despite the apparently innocuous nature of the links, they actually all go to a site booby-trapped with the Blackhole exploit kit (hxxp://go-my.ru/cyprus_news.html). The page is detected by ESET as a phishing site and users are protected.
The malware’s payload is to drop Win32/Cridex (see Virus Radar for a map of Win32/Cridex). We are now on notice that unsolicited emails about the problems in Cyprus are to be treated with extreme caution.
Aleksandr Matrosov, Security Intelligence Team Lead
David Harley, Senior Research Fellow