Blackhole Exploit Kit Spam Run Using Better Business Bureau

 Analysis by: Maydalene Edsel Salvador

Spammers use the Better Business Bureau name as apparent sender of a complaint. The recipient is enticed to click on a link that supposedly contains details of the complaint made against the recipient. When the reader clicks on the link, the browser opens a page that hosts a malicious JavaScript. The script then redirects to a blackhole exploit kit server, where a .JAR file is executed. The said file then downloads other malicious files onto the affected computer.

Trend Micro™ Smart Protection Network™ protects users from this threat by blocking the spammed email and malicious URLs as well as the detecting the malicious files.

 SPAM BLOCKING DATE / TIME: September 11, 2012 GMT-8
  • ENGINE:6.8
  • PATTERN:9178