Beware: Fake CitiBank email leads to malware!


If you needed proof that the email system is being utilized more and more for malware delivery, you need look no further than my own experiences. After many years of never receiving any of these potential threats via email, I have received no fewer than three in as many weeks.

I don’t believe for one minute that this is coincidence, or that I am being picked on in particular. It is in fact symptomatic of the trend toward inducing users to infect their own machines simply by clicking on malicious links… the path of least resistance. Utilization of this type of threat has increased dramatically over the past 12 months, with exploit techniques leading the way. (Microsoft Security Blog)

The first two emails, detailed in a previous article, Beware of Scam or Phishing emails!, were rather clumsy attempts. However, this latest email, which utilizes the infamous Blackhole exploit kit, is much more sophisticated.

The Blackhole Exploit Kit

In layman’s terms, Blackhole targets vulnerabilities in popular browsers, including common plug-ins such as Java and Adobe Flash. You, the recipient, click on a link in the email and land on a fake web page, which then determines what software is installed on your computer and loads all exploits relevant to the identified vulnerabilities. This can, and does, lead to stolen personal information and downloading of further malware, including Trojans… not good!

This is why most security guides always include the advice to keep all your software up-to-date, and especially that software which interacts with the internet, such as browsers and associated plug-ins. According to AVG Threat Labs, over 30% of all instances of malware in the world are caused by Blackhole Exploit kits.

It’s important to remember that Blackhole does not attack the computer directly; it requires YOU, the user, to visit a fake or compromised web page in order to initiate the attack. And that, my friends, is exactly what clicking on links in these emails will do.
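For readers who want to check where an email's links really lead before clicking, here is an added example (not from the original article or from any vendor) that lists every web link in a saved message whose destination is outside the claimed sender's own domains. The `TRUSTED` list and the sample message are assumptions constructed for illustration, and the sample uses reserved `.test` host names.

```python
from email import message_from_string
from email.policy import default
from html.parser import HTMLParser
from urllib.parse import urlparse

TRUSTED = ("citibank.com", "citi.com")  # assumption: the claimed sender's real domains

class LinkCollector(HTMLParser):  # collects (href, visible text) for every <a>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def is_trusted(host):  # True only for a trusted domain or one of its subdomains
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in TRUSTED)

def suspicious_links(raw_email):
    """Return (href, text, reason) for web links that leave the trusted domains."""
    msg = message_from_string(raw_email, policy=default)
    body = msg.get_body(preferencelist=("html",))
    parser = LinkCollector()
    parser.feed(body.get_content() if body is not None else "")
    findings = []
    for href, text in parser.links:
        url = urlparse(href)
        if url.scheme in ("http", "https") and not is_trusted(url.hostname):
            named = any(d in text.lower() for d in TRUSTED)
            findings.append((href, text, "text names trusted domain" if named else "untrusted destination"))
    return findings

# Constructed sample message; not the email described in the article.
SAMPLE = """\
Content-Type: text/html; charset="utf-8"

<a href="http://citibank.com.example.test/statement">https://online.citibank.com/statement</a>
<a href="https://www.citibank.com/privacy">Privacy</a>
<a href="http://login.example.test/update">View account</a>
"""
if __name__ == "__main__":
    print(suspicious_links(SAMPLE))
```

The first sample link is the case to watch for: the visible text shows a bank address, but the host in the `href` only begins with the bank's name and actually belongs to a different domain.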


Footnote: Apparently, Google Chrome is more impervious to Blackhole’s infection techniques than other browsers. But that doesn’t mean Chrome users are not at risk; instead of Blackhole automatically delivering exploits, Chrome users are presented with a page that urges them to download and install a Chrome update… which is of course malicious.

About the Author

Jim Hillier

Jim is the resident freeware aficionado at DCT. A computer veteran with 30+ years' experience who first started writing about computers and tech back in the days when freeware was actually free. His first computer was a TRS-80 in the 1980s; he progressed through the Commodore series of computers before moving to PCs in the 1990s. Now retired (aka an old geezer), Jim retains his passion for all things tech and still enjoys building and repairing computers for a select clientele... as well as writing for DCT, of course.