Blackhole Exploit Kit Spam Run on Western Union

 Analysis by: Maydalene Edsel Salvador

A spam campaign using Western Union leads to a blackhole exploit kit server. The email notification contains a link to lure users into clicking a link that supposedly redirects the user to a supposed transaction made with Western Union. Once a user clicks on the link, it redirects to a site hosting a malicious JavaScript, which leads to a blackhole exploit kit server. The server has an exploit code starts to execute to deliver its final payload, which is a .JAR file that is executed. This .JAR file downloads other malicious files into the user's computer.

Trend Micro™ Smart Protection Network™ protects users from this threat by blocking the spam mail samples, as well as any related malicious URLs and malware.

 SPAM BLOCKING DATE / TIME: August 28, 2012 GMT-8
  • ENGINE:6.8
  • PATTERN:9148