Blackhole Exploit Kit Spam Run Using Digital Insight as Bait

 Analysis by: Michael Angelo Casayuran

This spam run uses Digital Insight, an Intuit brand, as bait in its email notification. The message tells recipients that they have received a wire transfer to encourage them to click the link. Clicking the link takes the user to a site hosting malicious JavaScript, which points to a Blackhole Exploit Kit server. The server hosts exploit code that automatically executes a .JAR file. This .JAR file downloads other malicious files onto the affected computer.

Trend Micro™ Smart Protection Network™ protects users from this threat by blocking the spam mail samples, as well as any related malicious URLs and malware.

 SPAM BLOCKING DATE / TIME: September 09, 2012 GMT-8
 TMASE INFO
  • ENGINE: 6.8
  • PATTERN: 9174