Threat Encyclopedia

Spoofed PayPal and American Express Notifications Lead to Blackhole Exploit

Publish date: May 03, 2012

ANALYSIS BY

Jona Ross Pereira


Spammed messages purporting to come from Paypal and American Express Bank are found in the wild. The spoofed Paypal notification claims that the recipient’s payment is already received. On the other hand, the bogus notification from American Express asks the users if they recently made changes to their passwords or asks them to verify their User IDs. These spammed messages contain links that when clicked redirect to a site that loads a JavaScript (detected as JAVA_BLACOLE.RCC). When loaded, this JavaScript points to a site hosting Blackhole Exploit.

Users are advised to be cautious when opening emails even if these came from known sources. Contact the organizations involved directly to verify if the email messages are legitimate.

SPAM BLOCKING DATE / TIME: May 03, 2012 GMT-8
TMASE INFO

  • ENGINE:6.8
  • PATTERN:8880

Featured Stories

Connect with us on