Victims are tricked into visiting a website that hosts the BlackHole exploit kit

Oct 24, 2012 21:31 GMT

GFI Labs experts have issued an alert to warn users about a spam campaign that's being used as a launchpad for a Blackhole-Cridex malware attack.

It all starts with an email entitled “Re:Fwd: Order 321312” which reads: “Welcome, You can download your Microsoft Windows License here. Microsoft Corporation.”

As expected, Microsoft has nothing to do with the emails and the emails have nothing to do with Windows licenses.

Instead, when users click on the link that’s behind “here,” they’re taken to a website hosted on a Russian domain, which contains an obfuscated JavaScript that’s designed to load another web page.

While the victim is viewing a message that reads “Please wait a moment. You will be forwarded,” in the background, the BlackHole exploit kit is working on trying to find a security hole to push malware onto the victim’s computer.