Analyse vonJona Ross Pereira

Spammed messages purporting to come from Paypal and American Express Bank are found in the wild. The spoofed Paypal notification claims that the recipient’s payment is already received. On the other hand, the bogus notification from American Express asks the users if they recently made changes to their passwords or asks them to verify their User IDs. These spammed messages contain links that when clicked redirect to a site that loads a JavaScript (detected as JAVA_BLACOLE.RCC). When loaded, this JavaScript points to a site hosting Blackhole Exploit.

Users are advised to be cautious when opening emails even if these came from known sources. Contact the organizations involved directly to verify if the email messages are legitimate.

 Spam gesperrt am/um:: 03 Mai 2012 GMT-8
 TMASE
  • TMASE Engine::6.8
  • Patrón TMASE: 8880