Trend Micro Uncovers Malicious Pinterest Spam

Trend Micro researchers recently came across a Blackhole Exploit Kit (BHEK) spam campaign targeting Pinterest users.

The spam e-mails mimic legitimate messages from Pinterest, informing recipients that their passwords have been reset and asking them to click on a link to view their new passwords.

If recipients click on the link, they are sent through a series of website redirects, after which the malware TROJ_PIDIEF.USR is downloaded. It then drops BKDR_KRIDEX.KA, a member of the Cridex malware family that is capable of performing commands from a remote user.

"While there is nothing new in this routine, users are still advised to always perform account-related changes only on the websites they subscribe to," writes Trend Micro's Ryan Certeza. "We also point towards the usage of CRIDEX as a final payload – a malware family that we’ve written about as one of the two families used in BHEK attacks. Like ZBOT, CRIDEX is used mainly to steal online banking information."
