Fake Craigslist notifications lead to exploit kit
Emails purportedly sent by Craigslist have been hitting users’ inboxes and trying to get them to follow the offered link to a website hosting the Blackhole exploit kit, warns Websense.
The emails are good imitations of legitimate Craigslist automated email notifications, and have a rather legitimate looking sender address and name, too:
There the exploit kit awaits and tries to take advantage of a slew of vulnerabilities that might exist on the targets’ computer and serve malware.
Users are advised never to follow links from unsolicited emails, however legitimate they might appear.