Blackhole Exploit Kit Spam Run Using Time Warner Cable Name

 Analysis by: Maydalene Edsel Salvador

This spam campaign uses a fake email notification made to look like it comes from Time Warner Cable. The message contains an order confirmation number and a payment amount, which may entice users to click the link in the notification to check whether the order is genuine. Clicking the link redirects users to a site hosting malicious JavaScript. The script is actually exploit code hosted on a Blackhole Exploit Kit server, and it leads to the download of more malicious files onto the affected computer.

Trend Micro™ Smart Protection Network™ protects users from this threat by blocking the spam mail samples, as well as any related malicious URLs and malware.

 SPAM BLOCKING DATE / TIME: September 09, 2012 GMT-8
 TMASE INFO
  • ENGINE:6.8
  • PATTERN:9174