Trend Micro researchers recently came across a Blackhole Exploit Kit (BHEK) spam campaign targeting Pinterest users.
The spam e-mails mimic legitimate messages from Pinterest, informing recipients that their passwords have been reset and asking them to click on a link to view their new passwords.
If recipients click on the link, they are put through a series of website redirects, after which the malware TROJ_PIDIEF.USR is downloaded. That malware then drops BKDR_KRIDEX.KA, a member of the Cridex malware family that is capable of performing commands from a remote user.
"While there is nothing new in this routine, users are still advised to always perform account-related changes only on the websites they subscribe to," writes Trend Micro's Ryan Certeza. "We also point towards the usage of CRIDEX as a final payload – a malware family that we’ve written about as one of the two families used in BHEK attacks. Like ZBOT, CRIDEX is used mainly to steal online banking information."