Analysis byMaydalene Edsel Salvador

A spam campaign using Western Union leads to a blackhole exploit kit server. The email notification contains a link to lure users into clicking a link that supposedly redirects the user to a supposed transaction made with Western Union. Once a user clicks on the link, it redirects to a site hosting a malicious JavaScript, which leads to a blackhole exploit kit server. The server has an exploit code starts to execute to deliver its final payload, which is a .JAR file that is executed. This .JAR file downloads other malicious files into the user's computer.

Trend Micro™ Smart Protection Network™ protects users from this threat by blocking the spam mail samples, as well as any related malicious URLs and malware.

 SPAM BLOCKING DATE / TIME: 28 de sierpnia de 2012 GMT-8
 TMASE
  • TMASE Engine: :
  • Patrón TMASE: :9148