Security firm Trend Micro reports that hackers have turned to emails designed to look like they are from Pinterest to lure users into clicking the links that will install the Blackhole Exploit Kit on their machines.
Hackers disguise their emails with the logos of major social networks in order to make the email appear to come from a company with whom many users have accounts.
The emails Trend Micro researchers noticed in late June report that the user’s password has been changed and offer a link to the login information. Users are apt to suspect that their Pinterest account has been hacked and will thus click on the link that purports to lead to the site. That is when the hack actually occurs.
The link send the user through a series of website redirects. It eventually instals a Trojan horse which, in turn, overrides authorization procedures to install a bit of backdoor malware called Cridex.
Users can avoid the malware by not following links in similar emails, and, instead, only changing account information on the website to which it pertains. Users should also make sure that they are running the most up-to-date versions of Java, Adobe Acrobat, Adobe Reader and Flash.