Craigslist Mail Notification Redirects to Black Hole Exploit

 Analysis by: Jude Israel Bordallo

Craigslist has become one of the more popular sites to advertise nearly every service or product. Trend Micro researchers recently received spammed messages that use Craigslist as a lure, with content about posting ads for various jobs, services, and sales. The message tells recipients that they need to click on the provided link in order to create, edit, or delete posts on the site. It is worth noting that one of the actions offered to the user is verifying email addresses, which Trend Micro researchers have identified as a phishing attack.

Should users click on the link, they will be redirected to an exploit site, which prompts the download of a malicious file, before finally leading to a fake pharmacy site. The downloaded file, ABOUT.EXE, is detected as TROJ_INJECT.BXV. All related URLs have been blocked by Trend Micro.

Users should be wary of clicking links embedded in messages, even if they appear to come from reputable sources. For any changes associated with their online accounts, users are advised to go directly to the site.

  • ENGINE:7.0
  • PATTERN:8954