Video Screencast Help
Security Response

Pope Themed Spam Attacks Lead to Malware

Created: 19 Mar 2013 09:29:04 GMT • Updated: 23 Jan 2014 18:08:55 GMT • Translations available: 日本語, Português
Samir_Patil's picture
+3 3 Votes
Login to vote

Contributor: Saurabh Farkade

The Vatican City has been in the news a lot in the past few weeks due to Benedict XVI’s resignation and the election of Pope Francis. Spammers have picked up on this opportunity for spreading malware.

Symantec Security Response has observed attackers distributing spam which leads users to a site hosting the Blackhole Exploit Kit. The good news is, Symantec customers are protected and this threat is detected as Blackhole Toolkit Website.

The spam email alleges to be from a well-known news channel. The following subject lines are used in this attack:

  • Subject: Opinion: Can New-Pope Benedict be Sued for the Sex Abuse Cases? - [REMOVED]
  • Subject: Opinion: New Pope, Vatican officials sued over alleged sexual abuse! - [REMOVED]
  • Subject: Opinion: New Pope Sued For Not Wearing Seat Belt In Popemobile... - [REMOVED]

The domains used in the email have all been recently registered. Clicking on the link contained in the email directs the user to a compromised website that hosts the payload. The following is a screenshot of the malicious email:

Abusing the popularity of a well-known news agency increases the chances of a successful attack. However, Symantec customers are protected from this threat by multilevel protection. We advise our readers not to open unsolicited news emails and to keep their security software up-to-date in order to stay protected from online threats.