Internet Users Encountered Multiple Blackhole Exploits in October, According to GFI Software Research

November 08, 2012 - 12:00

Users of Skype™, Facebook and Windows® were among those groups targeted by cybercriminals employing spam messages and malicious links

GFI Software™ today released its VIPRE® Report for October 2012, a collection of the 10 most prevalent threat detections encountered last month. In October, GFI threat researchers uncovered a large number of Blackhole exploits disguised as Windows licenses(just prior to the release of Windows 8), Facebook account verification emails,  Skype voicemail notifications, and spam messages.

“The Blackhole exploit kit is one of the biggest dangers that internet users face because it is the chameleon of internet threats. It simplifies the process of creating cybercrime campaigns and is easily adapted to take advantage of the buzz surrounding major news events and popular brands,” said Christopher Boyd, senior threat researcher at GFI Software. “Luckily, these attacks are relatively easy to avoid by incorporating basic internet safety practices into daily browsing. Users should verify the source and destination of any link before clicking and they should never run executable files unless they are positive that the source is legitimate.”

Blackhole exploits require victims to open links to compromised websites hosting a file that must be downloaded and executed in order to complete the attack. This file contains a JavaScript which scans for unpatched software and other vulnerabilities before deploying the appropriate exploits and infecting a machine. The compromised links can be customized to target customers of specific companies, members of various social networking sites, or general internet users seeking information on popular news stories and events. Patching software can be automated on home PCs with VIPRE AV’s Easy Update technology, for example.

Just days before the release of Windows 8, some users encountered spam emails offering a free “Microsoft Windows License.” Users who clicked the malicious link and downloaded the accompanying file were hit with a Blackhole exploit and infected with a Cridex Trojan. Another spam email campaign targeted Facebook users with a message claiming that their account was locked and needed to be re-verified. The links led to Blackhole exploits and a Zeus Trojan disguised as an Adobe® Flash® Player download.

Skype users were also targeted by multiple campaigns last month. Some received spam emails containing phony voicemail notifications. Users who clicked on the Blackhole links were infected with a Zeus Trojan. Other users were confronted with spam messages from their Skype contacts containing generic questions about their profile picture and a link to a Trojan which infected their systems, deleted itself and began making DNS requests to various malicious URLs. While many of these sites were quickly taken down, the spam campaign began hijacking victims’ PCs for click fraud and directing them to ransomware messages, demanding payment of fines for illegal file sharing.

Securing Consumers’ PCs
GFI Software recently released VIPRE Antivirus 2013 and VIPRE Internet Security 2013 for PC users looking to detect and avoid malicious links and malware. Annual subscriptions for each product include threat definition updates, software upgrades and free tech support. VIPRE Internet Security 2013 also includes the VIPRE Easy Update™ feature which automatically finds and applies updates to out-of-date software, making users less vulnerable to Blackhole exploit attacks.

To learn more about VIPRE Antivirus 2013 or VIPRE Internet Security 2013, please visit or click here to download a free 30-day, full-featured trial.

Top 10 Threat Detections for October
GFI’s top 10 threat detection list is compiled from collected scan data of tens of thousands of VIPRE Antivirus customers who are part of GFI’s ThreatNet™ automated threat tracking system. ThreatNet statistics revealed that adware dominated the month taking half of the top 10 spots.


About GFI Labs
GFI Labs specializes in the discovery and analysis of dangerous vulnerabilities and malware. The team of dedicated security specialists actively researches new malware outbreaks, creating new threat definitions on a constant basis for the VIPRE home and business antivirus products.

About GFI
GFI Software provides web and mail security, archiving and fax, networking and security software and hosted IT solutions for small to medium-sized businesses (SMB) via an extensive global partner community. GFI products are available either as on-premise solutions, in the cloud or as a hybrid of both delivery models. With award-winning technology, a competitive pricing strategy, and a strong focus on the unique requirements of SMBs, GFI satisfies the IT needs of organizations on a global scale. The company has offices in the United States, UK, Austria, Australia, Malta, Hong Kong, Philippines and Romania, which together support hundreds of thousands of installations worldwide. GFI is a channel-focused company with thousands of partners throughout the world and is also a Microsoft Gold ISV Partner.