The Latest in IT Security

A Fresh Example of a Blackhole Spam


My spam honeypots yesterday yielded a nice example of a spam attack being used to lure people to servers hosting the infamous Blackhole exploit kit, which we've blogged about several times in the last six months or so.

The spam arrived the evening before. Here's how it looked:

screenshot of malicious spam

Clicking on one of the links took me to a hacked site, with the following message:

screenshot of initial hacked-site relay

This, of course, is simple camouflage, to distract me while my browser is given further instructions. Under the hood, the HTML looks like this:

screenshot of inner HTML for the relay

I retrieved the first of the js.js files, which is extremely simple, just one line of script:

the one-line relay


This IP hosts the Blackhole kit, and had already been flagged as a malware source in our database by one of our analysts when I checked, along with a sibling site that I found via following a different link. (Good to know that the team is on task!)




Leave a reply



Mission-Critical Broadband – Why Governments Should Partner with Commercial Operators:
Many governments embrace mobile network operator (MNO) networks as ...

ARA at Scale: How to Choose a Solution That Grows With Your Needs:
Application release automation (ARA) tools enable best practices in...

The Multi-Model Database:
Part of the “new normal” where data and cloud applications are ...



Latest Comments