The emails in question usually appear to be a reply to a previous email or a forwarded one, and contain the words "Wire Transfer Confirmation" and occasionally bogus reference numbers in the subject line:
By opening the attached Wire_AMBA01-Rejected.htm file, the users are firstly directed to a webpage displaying a "Please wait a moment. You will be forwarded..." message, then redirected to a compromised Russian website hosting the Blackhole exploit kit.
If the exploit kit manages to find vulnerabilities to take advantage of, the users are served with a number of malicious payloads.
As always, users are advised to never open attachments from unsolicited emails.
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.