Security Alert: Royal Malware

By gTIC

If you are following the news, you know that a new heir to the throne of England was born this week. As with any major news story being continuously discussed throughout the media, cyber criminals are going to take advantage of the world’s interest in the event. Just as the recent tragedy of the Boston Marathon bombing spawned malware, so has the birth of Prince William and the Duchess of Cambridge’s new son.

Research by ThreatTrack Security’s Chris Boyd shows “Royal Baby” malware is now being spread through spam messages. The specific malware being used is the nefarious Blackhole Exploit Kit, which can drop Zbot or other types of malicious software or potentially unwanted programs on the victim system.

As with all emails received from unknown senders, treat the message and its contents with suspicion, and do not open any messages or attachments from untrusted senders.

If you are able to block URLs and domains, here is a list of currently known malicious URLs:

  • dynamicservicesllc(dot)com/forgives/index(dot)html#sthash(dot)p9UjAX96(dot)dpuf
  • gbihongkong(dot)org/erratic/index(dot)html#sthash(dot)p9UjAX96(dot)dpuf
  • fragrancessurplus(dot)com/topic/accidentally-results
  • stay(dot)php#sthash(dot)p9UjAX96(dot)dpuf
  • fragrancessurplus(dot)com/adobe/update_flash_player(dot)exe#sthash(dot)p9UjAX96(dot)dpuf
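One way to turn a defanged list like the one above into proxy or DNS block entries, as an added example that is not part of the original alert. The function names and the sample entries are constructed for illustration (the `.example` hosts are not real indicators); entries without a usable host and path are set aside for manual review instead of becoming rules.

```python
import re
from urllib.parse import urlsplit

# Constructed sample entries in the alert's defanged style; not real indicators.
SAMPLE = """\
  • bad-site(dot)example/forgives/index(dot)html#sthash(dot)AAAA1111(dot)dpuf
  • Bad-Site(dot)example/topic/some-page
  • stay(dot)php#sthash(dot)AAAA1111(dot)dpuf
  • other(dot)example/adobe/update_flash_player(dot)exe#sthash(dot)AAAA1111(dot)dpuf
"""

# Syntactic host name check: dot-separated labels ending in an alphabetic TLD.
HOST_RE = re.compile(r"^(?=.{1,253}$)([a-z0-9-]{1,63}\.)+[a-z]{2,63}$")


def refang(entry):
    """Strip list bullets and whitespace, then undo (dot) / [.] defanging."""
    return entry.strip().lstrip("•*- \t").replace("(dot)", ".").replace("[.]", ".")


def build_blocklist(text):
    """Return (domains, url_rules, rejected) for a block of defanged URL entries."""
    domains, rules, rejected = set(), set(), []
    for line in text.splitlines():
        item = refang(line)
        if not item:
            continue
        # The entries carry no scheme; add one so urlsplit can find the host.
        parts = urlsplit(item if "://" in item else "http://" + item)
        host = (parts.hostname or "").lower()
        # With no '/' the entry may be a wrapped file name rather than a host,
        # so it is kept for manual review and never becomes a domain block.
        if "/" not in item or not HOST_RE.match(host):
            rejected.append(item)
            continue
        domains.add(host)
        # The fragment (#...) is never sent to a server or proxy, so a rule
        # that includes it would not match; keep host and path only.
        rules.add(host + parts.path)
    return sorted(domains), sorted(rules), rejected


if __name__ == "__main__":
    doms, urls, bad = build_blocklist(SAMPLE)
    print("domains:", doms)
    print("url rules:", urls)
    print("needs review:", bad)
```
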

As always, ensure that your user community is up to date with best practices in the use of email systems.

For the original article from ThreatTrack Security and other indicators and analysis of this new malware campaign, click here.

More information from Sophos regarding the Blackhole Exploit Kit can be found here, and additional information from Symantec regarding the Zeus family of Trojans here.