Blackhole Exploit Kit Spam Run Using Wells Fargo
September 09, 2012
![](http://www.trendmicro.com/vinfo/images/Wellsfargo1.gif)
Spammers use an email notification supposedly from Wells Fargo, making it appear that the notification is indeed from the said company. The message intends to lure users into clicking a malicious link found in the email message. Once the URL is clicked, it redirects to a site hosting a malicious JavaScript. The redirect page is pictured below:
![](http://www.trendmicro.com/vinfo/images/Wellsfargo2.gif)
While users wait for the website to load, the running script redirects to a blackhole exploit kit server. An exploit code starts to execute to deliver a .JAR file, which then downloads other malicious files on the affected computer.
Trend Micro™ Smart Protection Network™ protects users from this threat by blocking the spam mail samples, as well as any related malicious URLs and malware.
SPAM BLOCKING DATE / TIME: September 09, 2012 GMT-8
TMASE INFO
- ENGINE:6.8
- PATTERN:9174