Spam Leads to Blackhole Attack

Monday, October 29, 2012 @ 01:10 PM gHale


A spam campaign is the starting point for a Blackhole-Cridex malware attack.

It all starts with an email entitled “Re:Fwd: Order 321312” which reads: “Welcome, You can download your Microsoft Windows License here. Microsoft Corporation,” said researchers at security company GFI Labs.

Microsoft has nothing to do with the emails and the emails have nothing to do with Windows licenses.

Instead, when users click on the link, they go to a website hosted on a Russian domain, which contains obfuscated JavaScript designed to load another web page, the researchers said.

While the victim views a message that reads “Please wait a moment. You will be forwarded,” the Blackhole exploit kit works in the background to find a security hole it can use to push malware onto the victim’s computer.


