Fake Amazon email leads to exploit kit
Posted on 12.06.2012
Fake Amazon order confirmations are hitting inboxes and trying to trick recipients into following any of the links to a page serving the Blackhole exploit kit.

The email looks pretty legitimate (click on the screenshot to enlarge it):


The only thing that gives it away at first glance is the fact that multiple email addresses are included in the "To:" field, and the email is personalized for the first recipient.

"All links in the email body, apart from the linked email address, lead users to the same HTML page that are hosted on various legitimate but compromised WordPress domains," GFI's Jovi Umawing warns, and adds that the links are most likely to be changed from time to time.

Still, all those links take the user to a page where they supposedly have to wait for the information about the "ordered" book to load. In the meantime, some JavaScript code loads an iframe that redirects users to another page, where the exploit kit is hosted.

Blackhole then checks for the presence of Adobe Reader and Adobe Flash on the userís system, and finally deploys two exploits that target a Adobe Flash Player, Adobe Reader and Acrobat vulnerability and a Microsoft Windows Help and Support Center vulnerability to take control of the user's system and download malware on it.

As always, users are reminded to keep their software updated, as the exploits used by various exploit kits do not work on the latest versions.






Spotlight

The evolution of backup and disaster recovery

Posted on 25 July 2014.  |  Amanda Strassle, IT Senior Director of Data Center Service Delivery at Seagate Technology, talks about enterprise backup issues, illustrates how the cloud shaping an IT department's approach to backup and disaster recovery, and more.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Mon, Jul 28th
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //