Analysis by Emmanuel Nisperos

The Catholic Church has received much attention amid the papal conclave and inauguration. Cybercriminals have taken advantage of this by making it the subject of spammed messages.

The message arrives looking like an update from the reputable news source CNN. While the topic suggests an exclusive article about the Pope, the embedded link actually leads users to sites that have been compromised by Blackhole Exploit Kits. One of the final payloads is malware detected as TROJ_PIDIEF.SMXY. This malware exploits CVE-2009-0927, a dated vulnerability in Adobe Reader and Acrobat.

Users should scrutinize each email they receive, no matter how reputable the sender might appear. For updates on current events, users should visit official news sites rather than relying on email.

All related spammed messages are detected and blocked by Trend Micro.

 Spam blocking date/time: March 19, 2013 GMT-8
 TMASE
  • TMASE Engine: 7.0
  • TMASE Pattern: 9734