Blackhole Exploit Kit Spam Run Leverages ADP

 Analysis by: Maydalene Edsel Salvador

This spam run targets customers of Automatic Data Processing, Inc (ADP). The spammers use an email notification template from ADP to make it appear legitimate. It lures users into clicking a malicious link. When a user clicks on the link, the user is redirected to a site hosting a malicious JavaScript. While the victim waits for the website to load, the script is already pointing them to a blackhole exploit kit server, where an exploit code starts to execute. A .JAR file is executed, downloading other malicious files into the victim's machine.

Trend Micro™ Smart Protection Network™ protects users from this threat by blocking the spam mail samples, as well as any related malicious URLs and files.

 SPAM BLOCKING DATE / TIME: September 09, 2012 GMT-8
  • ENGINE:6.8
  • PATTERN:9174