Pastry lovers served with ransomware via exploit kit
French cake and pastry lovers have been targeted by cyber crooks as the website of the famous confectionery company Laduree has been compromised and found serving ransomware.
The site (at laduree.fr) has been modified to redirect users to another site hosting the BlackHole exploit kit. Once it took advantage of vulnerabilities on the visitors’ computer, it would saddle the machine with the ransomware, which would promptly block it and display a fake notification from the French Police:
The message said that the users’ computer was blocked because it was sending out spam and pornographic images and because the users were making illegal downloads. In order to get it unblocked, they would have to pay 200 euros via Ukash or Paysafecard.
According to Trend Micro researchers, the ransomware in question is the same one that was recently made to impersonate the Italian police and a number of European police agencies, making researchers believe that the same gang is behind all of these attacks.
“We noticed that the domain name of the URL used to host the exploit kit has been suspended,” say the researchers. “Based on the logs, it was created on February 9, 2012 and last updated on February 14. The domain’s registrant shows a .ru email address which might help in identifying a possible suspect, but this might just be a compromised email account.”
It is interesting to note that this particular piece of malware is also capable of stealing login credentials for email accounts, social networks, poker sites, FTP servers, remote desktop software and more.