The BlackHole exploit kit has become an increasingly popular way of delivering malware to unsuspecting users. By exploiting a series of unpatched Windows, Java and Adobe Reader flaws, it manages to compromise the systems of enough users to be considered a good investment.
To land the victims on compromised pages hosting the kit, malware peddlers often mount spam campaigns impersonating a popular online service. And, as the holiday season is upon us and users are intent on ordering many things online, the peddlers try to trick them into visiting the aforementioned pages with fake shipping confirmations for certain items.
An example of this is the recent spate of emails, spotted by GFI, purportedly coming from Amazon and confirming the shipping of an item:
All of the links embedded in the email take the user to a site hosting the exploit kit via a number of site redirections. Once he has landed on that site, the user is automatically served with a PDF file that exploits Adobe Reader vulnerabilities to run malicious executables on the system, including malware that will continue to download other malware onto his computer.