The email looks pretty legitimate (click on the screenshot to enlarge it):
The only thing that gives it away at first glance is the fact that multiple email addresses are included in the "To:" field, and the email is personalized for the first recipient.
"All links in the email body, apart from the linked email address, lead users to the same HTML page that are hosted on various legitimate but compromised WordPress domains," GFI's Jovi Umawing warns, and adds that the links are most likely to be changed from time to time.
Blackhole then checks for the presence of Adobe Reader and Adobe Flash on the user’s system, and finally deploys two exploits that target a Adobe Flash Player, Adobe Reader and Acrobat vulnerability and a Microsoft Windows Help and Support Center vulnerability to take control of the user's system and download malware on it.
As always, users are reminded to keep their software updated, as the exploits used by various exploit kits do not work on the latest versions.
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.