Analizzato da: Jude Israel Bordallo

This spam run uses the Internal Revenue Service (IRS) as the purported sender of the email notification. The email contains a link to a .DOC file showing a rejected payment to the IRS supposedly made by the recipient. Clicking the link to the supposed .DOC file brings the user to the following page:

The said page hosts a malicious JavaScript that points to a blackhole exploit kit server. A .JAR file is executed to download other malicious files onto the user's computer.

Trend Micro™ Smart Protection Network™ protects users from this threat by blocking the spam mail samples, as well as any related malicious URLs and malware.

 Data/ora di blocco Spam: : 21 agosto 2012 GMT-8
 TMASE
  • Motore TMASE: :7.0
  • Patrón TMASE: :9126