If you’ve been getting lookalike news emails from CNN or the BBC in the past few days, you could have been hit by a malware attack and it may well be worth doing a few safe mode scans with popular anti-malware software, if an AVG report on the Blackhole exploit kit is to be believed.
However the emails should be reasonably easy to spot if you cross referenced them with the actual news sites, since they contain such news stories as “new pope sued for sex abuse.”
The threat was spotted by AVG Web Threats researchers, who said that they had: “found spam from scammers using the Blackhole exploit kit that use the issue of sex abuse scandals in the Catholic Church as bait.” They then explained that if a user was to click on the link in the fake story, they would be taken immediately to a page that downloads the exploit kit. It’s thought that Java is being used to infect the user’s PC.
“The researchers discovered another message that the same malicious individual or group is using in their spam campaign. It reports another user saw a BBC News report on the Cyprus debt deposit tax and thought you should see it,” read the AVG statement (via V3).
KitGuru Says: Of course the easiest way to avoid security problems like this, is to never click on any link in an email – always find the content by searching for it through your preferred engine, or simply go to the site in question and navigate straight to it.