Analysis by Mark Christian Aquino

A spam campaign leveraging HSBC leads to a Blackhole exploit kit server. The email notification poses as a “virus scan instruction” for HSBC customers, supposedly to better protect the user's online banking profile. The email contains a malicious link that, once clicked, points unsuspecting users to a site that hosts a JavaScript. The script then redirects to a Blackhole exploit kit server, which executes malicious code (.JAR) to download malicious executable files.

Trend Micro™ Smart Protection Network™ protects users from this threat by blocking the spammed email and malicious URLs, as well as detecting the malicious files. Users are advised to go directly to the bank or financial institution and verify whether such notifications are legitimate.

 SPAM BLOCKING DATE / TIME: GMT-8
 TMASE
  • TMASE Engine:
  • TMASE Pattern: 9150