Fake Craigslist notifications lead to exploit kit

Emails purportedly sent by Craigslist have been hitting users’ inboxes and trying to get them to follow the offered link to a website hosting the Blackhole exploit kit, warns Websense.

The emails are good imitations of legitimate Craigslist automated email notifications, and have a rather legitimate looking sender address and name, too:

But the embedded link takes the users to a compromised WordPress page, where obfuscated JavaScript serves an iFrame that redirects them to another compromised site located on a Russian domain.

There the exploit kit awaits and tries to take advantage of a slew of vulnerabilities that might exist on the targets’ computer and serve malware.

Users are advised never to follow links from unsolicited emails, however legitimate they might appear.