Blackhole Exploit Kit Spam Run Use Internal Revenue Service
August 21, 2012
This spam run uses the Internal Revenue Service (IRS) as the purported sender of the email notification. The email contains a link to a .DOC file showing a rejected payment to the IRS supposedly made by the recipient. Clicking the link to the supposed .DOC file brings the user to the following page:
The said page hosts a malicious JavaScript that points to a blackhole exploit kit server. A .JAR file is executed to download other malicious files onto the user's computer.
Trend Micro™ Smart Protection Network™ protects users from this threat by blocking the spam mail samples, as well as any related malicious URLs and malware.
SPAM BLOCKING DATE / TIME: August 21, 2012 GMT-8
TMASE INFO
- ENGINE:7.0
- PATTERN:9126