Fake Amazon emails open the way for malware

The CVE-2012-4681 Java zero-day vulnerability might have been patched, but because it was added to the popular Blackhole exploit kit and because most users regularly forego the patching of their software, it is still heavily exploited in the wild.

The most recent example of this is an email purportedly coming from e-commerce giant Amazon urging users to verify their (bogus) order:

But clicking on the link takes them – through a number of redirections – to a page hosting the Blackhole exploit kit, and an obfuscated JavaScrip that attempts to detect which browser, Adobe Flash, Adobe Reader and Java versions the visitor is using in order for the kit to serve an appropriate exploit, reports Websense.

Once compromised, the visitors’ computer is ready to be served malware of the attackers’ choosing with the user being none the wiser.

Share this
You are reading

Fake Amazon emails open the way for malware