The various spam campaigns leading to Blackhole

At any given time, there is a considerable number of email spam campaigns that ultimately lead users to pages hosting exploit kits – more often than not the extremely popular Blackhole exploit kit.

Websense researchers warn about the ones that are currently hitting inboxes around the world: the first one takes the form of a voice mail notification from Microsoft Exchange servers, the second one poses as an ADP invoice reminder, the third one mimics an FDIC notification claiming the users’ wire transfer ability was suspended, and the fourth one is a bogus thank you note that tries to trick the recipients into believing that they have somehow signed up for a premium service of accountingWEB.com.


“A lot of the email messages pretend to come from trusted sources (well-known establishments, or the victim’s own infrastructure), and try to catch the reader off-guard by focusing their attention on something urgent, like money matters,” the researchers point out.

The landing pages are different in all the attacks, but some look like they could have been set up since the recent advent of the new version of the Blackhole exploit kit.