Bogus “Your eBay funds are cleared” email leads to exploits

Following the email supposedly sent by an unsatisfied customer, eBay sellers are targeted by scammers once again.

While the first email threatened with negative feedback, this one entices with the promise of a huge amount of money supposedly made available to the recipient:

Users who click on the embedded link are taken to a page sporting the “Loading your Transaction Details-¦” caption, which also hosts the Blackhole exploit kit.

While the user is waiting for the transaction details to load, the kit tries to exploit an Adobe Reader and Acrobat vulnerability, as well as a Microsoft Windows Help Center flaw.

If successful, a Trojan is dropped onto the system, and phones home to a C&C server that has been used in another previously profiled spamvertised campaign.

“Based on these observations, we can easily conclude that a single cybercriminal or a gang of cybercriminals is systematically introducing undetected malicious executables and rotating the client-side exploits serving URLs, next to impersonating popular brands in an attempt to socially engineer users into interacting with these malicious emails,” says Webroot’s Dancho Danchev, and predicts that more spam campaigns impersonating trusted brands are sure to follow.