解析者: Chloe Ordonia

Spammers use an email notification supposedly from Wells Fargo, making it appear that the notification is indeed from the said company. The message intends to lure users into clicking a malicious link found in the email message. Once the URL is clicked, it redirects to a site hosting a malicious JavaScript. The redirect page is pictured below:

While users wait for the website to load, the running script redirects to a blackhole exploit kit server. An exploit code starts to execute to deliver a .JAR file, which then downloads other malicious files on the affected computer.

Trend Micro™ Smart Protection Network™ protects users from this threat by blocking the spam mail samples, as well as any related malicious URLs and malware.

 スパムブロック日時 : 2012年9月9日 23:15:00 GMT-8
 TMASE
  • TMASEエンジン:6.8
  • TMASEパターンバージョン:9174