Blackhole Exploit Kit Spam Run Using Microsoft as Bait

 Analysis by: Jude Israel Bordallo

This spam run attempts to trick its recipients into thinking that it is from Microsoft Outlook. The message asks the recipient to click on a link to retrieve a voicemail message. Once the link is clicked, it redirects to a site hosting a malicious JavaScript:

The script points the user to a blackhole exploit kit server hosting a .JAR file. The said file is executed, and downloads other malicious files on the affected computer.

Trend Micro™ Smart Protection Network™ protects users from this threat by blocking the spam mail samples, as well as any related malicious URLs and malware.

 SPAM BLOCKING DATE / TIME: September 12, 2012 GMT-8
 TMASE INFO
  • ENGINE:7.0
  • PATTERN:9180