When the official announcement was made on June 22, the researchers spotted plenty of spammed messages related to the royal baby birth. In a statement, they described the speed with which this spam hit the Internet as “remarkable”.
“These messages appear to be from ScribbleLive, a service that provides real-time engagement platforms. The offer, of course, is false, and clicking on links in the email will only trigger multiple redirections that are typical among Blackhole exploit kit (BHEK) spam runs,” the researchers said.
BHEK is a page that cyber-criminals use to determine what software versions are used by a victim so that the page can deliver the “correct” exploit. Generally, people using outdated software are more at risk of being caught by exploits.
In this case, the script that triggers the redirections is detected as JS_OBFUSC.BEB, the researchers said. This particular exploit targets two vulnerabilities in Java: CVE-2013-1493 and CVE-2013-2423. Both of these vulnerabilities have been patched by Oracle, though many people still run on older versions of Java.
Trend Micro described this technique of taking advantage of current affairs as a social engineering lure, adding that they often come in the form of highly publicised events. The researchers gave the Boston Marathon incident and the election of Pope Francis as prime examples. What’s more, they said, hackers take advantage of more than one big news story at a time.
“This particular BHEK run is not limited to the royal baby alone. Other spammed messages took advantage of the controversy surrounding the upcoming sci-fi film Ender’s Game,” they said.
“While these messages are made to look like an article from CNN, clicking on links will trigger the same redirections as that of the royal baby spam.”