ID: IRCNE2012031443
Date: 2012-03-27
According to "zdnet", security researchers from TrendMicro are reporting on mass compromise of WordPress sites, currently serving client-side exploits and malware to users who click on malicious links in the spamvertised emails connected with the campaign.
According to TrendMicro, cybercriminals are impersonating the Better Business Bureau and LinkedIn in their spamvertised emails, enticing end and corporate users into clicking on the malicious links found in the emails.
Upon clicking on the links, users are exposed to the Black Hole web malware exploitation kits, currently serving CVE-2010-0188 and CVE-2010-1885 exploits, ultimately dropping a CRIDEX malware variant.
Cybercriminals regularly take advantage of compromised legitimate infrastructure acting and distribution and infection vector for their malicious campaigns, in an attempt to trick web filters into correctly identifying the legitimate infrastructure where the distribution and infection vectors are hosted.
End and corporate users are advised to ensure that they’re not running outdated versions of their-party software and browser plugins, as well as to avoid interacting with these emails.
- 2