Researchers at Kaspersky Lab intercepted a spam email using said theory to pique the interest of recipients, hoping that they will follow one of the embedded links to a malicious website hosting the BlackHole 2.0 exploit pack.
Below is an example email that Kaspersky researchers warn users not to fall for:
Subject: CIA “DELETED” Venezuela’s Hugo Chavez?
Chavez was a leader who tried to free his people from the grip of people who will do anything to keep the consumer hostage. In the fall of 1988 oil was $15 a barrel and gasoline was 89 cents a gallon. I was called a dupe of Saddam by western media. We posted a video called A War On Children.
Our latest video is What Can You Buy With 5 Trillion Dollars Anything You Want April 2012. The key information in the new video is that $500 billion per year is paid by the United States to oil producing nations. In ten years, five trillion dollars will be paid to oil producing countries for foreign oil. The movement of trillions of American dollars to other countries is a great concern for the security of the United States.
Even in November I said: CIA and FBI Had Planned to Assassinate Hugo Chavez
To no surprise, the exploit code on the malicious sites attempt to leverage a [patched] vulnerability within the Java browser plugin, CVE-2012-0507. If that vulnerability seems familiar to you, it may be because it was the same one used to infect thousands of Macs with Flashback malware in 2012. (See why it’s so important to keep your computer up-to-date?)
The payload dropped was not disclosed; however, 8/46 antivirus programs were able to detect the exploit code, including Kaspersky products.
Tips to Stay Safe
Given that this is an email based attack, this threat shouldn’t be too difficult to avoid. However, we offer the following bits of advice to keep your PC safe:
- Always keep your operating system and installed third-party software fully patched and up-to-date.
- Always run antivirus software that offers real-time scanning and keep the virus definitions current.
- Do not click hyperlinks embedded in unsolicited emails.
- Do not download or open files attached to unsolicited emails.
- Remove Java from your system if it is not needed, or if it is necessary, dedicate a single browser to browsing Java-based websites and disable the Java plugin in all other browsers.
- Remain vigilant when surfing the web – dangers lurk everywhere!
Don’t miss out on the latest tech news and computer security alerts! Follow us on Twitter at @hyphenet, “Like” us on Facebook or add us to your circle on Google+.