Brazilian and Russian Blackhats working together


Threat Type: Malicious Websites / Malicious Code

Websense Security Labs has discovered that Brazil-based malicious code authors are now utilizing a popular web exploit kit which originates in Russia. This is notable because we have not previously seen such collaboration between the two groups. The Web Attacker toolkit allows attackers to place code on their website to infect users when the site is visited. This toolkit is the most popular exploit kit on the web today.

Previously, Brazilian attacks mostly used deception as a means to dupe users into running their code. These attacks provide the largest volume of unique samples that we see on a daily basis.

Of the sample attacks that we received this morning, one is a fake news story about a robbery that claims to have a large reward for the capture of the criminal. Another attack is contained in an email asking you to view some photos.

In both examples, the attackers used email as the lure to attract visitors to their sites. Both sites contained live code that installed and downloaded information-stealing malicious code if the visitor's PC was not fully patched.


Attack example screenshot 1:

Attack example screenshot 2: