Blackhole Exploit Kit Spam Using Sendspace

 Analysis by: Neil Yves Pondo

A spam message posing as a notification from the file-sharing website Sendspace leads to the Blackhole Exploit Kit. The message instructs target users to click on a link to download a file. Users who fall for this trick are redirected to a site hosting malicious JavaScript.

While users wait for the website to load, the script is already pointing to a Blackhole Exploit Kit server, where exploit code executes a .JAR file. The .JAR file then downloads other malicious files.

Trend Micro™ Smart Protection Network™ protects users from this threat by blocking the spam mail samples, as well as any related malicious URLs and malware. Sendspace users are advised to check the website directly before clicking on any email notification.

 SPAM BLOCKING DATE / TIME: November 23, 2012 GMT-8
 TMASE INFO
  • ENGINE:7.0
  • PATTERN:9386