This spam campaign targeting Apple customers leads to a blackhole expoit kit. It starts with a supposedly legitimate email notification from Apple. The email appears to be an iTunes purchase notification. Users who may find the email compelling may click on the seemingly legitimate link in the email content. Users are redirected to a site hosting a malicious JavaScript, pictured below:

While users are waiting to load, the script is already pointing them to a blackhole exploit kit server. The exploit code starts to execute to deliver a .JAR file that downloads other malicious files into users' computers.

Users are strongly advised to be wary in opening email messages with too good to be true offers. Go directly to the organization’s website to verify if the said orders are legitimate. Trend Micro protects users from this spam run by detecting the malicious file and spam. Trend Micro™ Smart Protection Network™ protects users from this threat by blocking the spam mail samples, as well as any related malicious URLs and malware.

 Fecha/hora de bloqueo del spam: 20 de agosto de 2012 GMT-8
 TMASE
  • Motor TMASE: 7.0
  • Patrón TMASE: 9126