It starts, says Jovi Umawing, with “an email message supposedly from Amazon with the subject ‘Your Amazon.com order of Omron WXH-108F Fat Loss... has shipped’.” But clicking any of the links takes the user “to jongerencentrumdebus(dot)nl/wp-content/uploads/fgallery/news.html, a known Black Hole exploit kit host, which then directs to an ageoloft(dot)info page.”
The Black Hole exploit kit is growing in popularity among cybercriminals because of its effectiveness and increasingly flexible pricing arrangements. “Since the kits are already available in the black market (for free),” writes Umawing, “we can only expect more infections and news surrounding this particular kit.” Black Hole searches its target for a number of different vulnerabilities, in both the operating system and popular applications. If it finds a vulnerability, it executes the relevant exploit and, in this case, says Umawing, it drops a worm onto the system.
The campaign is aimed at harassed Christmas shoppers. Vast numbers are visiting Amazon and other online stores such as eBay, with little time to take as much care as usual. Many will be expecting ‘has shipped’ notifications, and may not notice that the goods in question aren’t actually the goods expected. Other users might think ‘that’s not what I ordered’ and be tempted to click the link to find out what’s going on.
“With the number of Internet users shopping online using services such as Amazon and eBay, it pays to be cautious fourfold, especially at this time of the year,” says Umawing.