解析者: Neil Yves Pondo

A notification from file-sharing website Sendspace leads to blackhole exploit kit. The message instructs target users to click on a link to download a file. Users who fall for this trick are redirected to a site hosting malicious JavaScript:

While users wait for the website to load, the script is already pointing to a Blackhole Exploit Kit server where an exploit code executes a .JAR file. The .JAR file then downloads other malicious files.

Trend Micro™ Smart Protection Network™ protects users from this threat by blocking the spam mail samples, as well as any related malicious URLs and malware. Sendspace users are advised to check the website directly before clicking on any email notification.

 スパムブロック日時 : 2012年11月23日 0:02:00 GMT-8
 TMASE
  • TMASEエンジン:7.0
  • TMASEパターンバージョン:9386