Analisado porMaydalene Edsel Salvador

Spam campaigns using various email notifications purportedly coming from ADP lead to a blackhole exploit kit server. These spammed messages attempts to lure users into clicking a malicious link, which is also in the message body. Below are other spammed messages seen in this campaign:

When a user clicks on the link in any of these messages, the link redirects the user to a site hosting a malicious JavaScript:

While the victim waits for the website to load, the script is already pointing them to a blackhole exploit kit server, where an exploit code starts to execute. A .JAR file is executed, downloading other malicious files into the victim's machine.

Trend Micro™ Smart Protection Network™ protects users from this threat by blocking the spam mail samples, as well as any related malicious URLs and malware.

 Data/Hora do bloqueio de spam: 03 agosto 2012 GMT-8
 TMASE
  • Versão do mecan
  • Patrón TMASE: 9082