Royal Baby Birth with a Blackhole Exploit Kit Spam Twin

 Analysis by: Cyril Coronado

Spammers hopped on the royal baby bus to spread spam with Blackhole Exploit Kit (BHEK) links. Trend Micro researchers observed an increase in the number of spammed messages that purport to be from the live blogging service ScribbleLive. The spammed message lures users into opening and reading it by claiming to contain recent updates on the offspring of the Duke and Duchess of Cambridge.

The spammed message also contains a supposed link to the hospital camera, which leads to a BHEK URL. When a user clicks the link, malware is downloaded and executed on the user's computer.

We strongly recommend that users refrain from opening email messages like these. To get updates on news items, access your news sites via bookmarks.

Trend Micro product users are protected from this threat. The spammed message is blocked, the URL is also blocked, and the malware is detected and removed.

  • ENGINE:7.0
  • PATTERN:0028