The emails in question usually appear to be a reply to a previous email or a forwarded one, and contain the words "Wire Transfer Confirmation" and occasionally bogus reference numbers in the subject line:
By opening the attached Wire_AMBA01-Rejected.htm file, the users are firstly directed to a webpage displaying a "Please wait a moment. You will be forwarded..." message, then redirected to a compromised Russian website hosting the Blackhole exploit kit.
If the exploit kit manages to find vulnerabilities to take advantage of, the users are served with a number of malicious payloads.
As always, users are advised to never open attachments from unsolicited emails.
Reading our newsletter every Monday will keep you up-to-date with security news.
Receive a daily digest of the latest security news.