The Latest in IT Security

A Fresh Example of a Blackhole Spam

15
Jun
2012

My spam honeypots yesterday yielded a nice example of a spam attack being used to lure people to servers hosting the infamous Blackhole exploit kit, which we've blogged about several times in the last six months or so.

The spam arrived the evening before. Here's how it looked:

screenshot of malicious spam

Clicking on one of the links took me to a hacked site, with the following message:

screenshot of initial hacked-site relay

This, of course, is simple camouflage, to distract me while my browser is given further instructions. Under the hood, the HTML looks like this:

screenshot of inner HTML for the relay

I retrieved the first of the js.js files, which is extremely simple, just one line of script:

the one-line relay

 

This IP hosts the Blackhole kit, and had already been flagged as a malware source in our database by one of our analysts when I checked, along with a sibling site that I found via following a different link. (Good to know that the team is on task!)

 

–C.L.

@bc_malware_guy

Leave a reply


Categories

TUESDAY, DECEMBER 10, 2019
WHITE PAPERS

Mission-Critical Broadband – Why Governments Should Partner with Commercial Operators:
Many governments embrace mobile network operator (MNO) networks as ...

ARA at Scale: How to Choose a Solution That Grows With Your Needs:
Application release automation (ARA) tools enable best practices in...

The Multi-Model Database:
Part of the “new normal” where data and cloud applications are ...

Featured

Archives

Latest Comments