Cybercriminals behind the black hole exploit campaign are leveraging Xanga, a blogging platform. Trend Micro researchers spotted spammed messages purporting to come from Xanga. It bore the subject, New Weblog comment on your post! and informs users that they received a comment on their weblog entry. To view the supposedly comment, users should click the URL on the email body. When users clicked the said URL, it triggers a series of redirections leading to black hole exploit kit. All related URLs are already blocked by Trend Micro.
As of this writing, our researchers are continually monitoring this threat. Users are strongly recommended to be wary in clicking links in email messages even these come from known sources. It’s also advisable to verify first the legitimacy of the said email message by contacting the organization or website directly.