1. Email messages impersonating LinkedIn correspondence used as lure to Blackhole sites
Attackers using the Blackhole Exploit Kit have begun sending phishing emails that impersonate correspondence from the professional networking site LinkedIn to trick recipients into visiting Blackhole Exploit Kit sites. The links in the phishing emails take the recipients to an exploit server.
Email subject lines include:
“LinkedIn Reminder from your colleague.”
“LinkedIn Nofitication (sic) service message”
2. Fake AV delivered by Blackhole changes its name rapidly
AVG web threats analysts have seen a current rogue security product (called Windows Antivirus 2012 in some of its pop-up windows) change its name frequently in recent weeks:
March 1: Windows Threats Destroyer
March 12: Windows Managing System
March 13: Windows Risk Minimizer
March 15: Windows AntiHazard Solution
March 19: Windows Software Keeper
Pages containing the Blackhole exploit kit send web users to sites that download the rogue.
This is currently detected by LinkScanner as Rogue Scanner (type 1927).
3. Blackhole ransomware install
A current ransomware page delivered by the Blackhole Exploit Kit tries to impersonate the U.S. Dept. of Justice Computer Crime and Intellectual Property Section and extract a $100 “fine,” payable by untraceable Paysafecard.
If the men in suits at the Department of Justice were really coming after you, we’re pretty sure you could expect a knock on the door, not a goofy page that locks up your computer.
– AVG Threat Research Group