Sophos experts have analyzed this latest spam campaign

Jul 20, 2012 13:52 GMT  ·  By

Emails claiming to be “Wire Transfer Confirmations” hide a malevolent plot to lure internauts to a website that hosts the Blackhole exploit kit.

Malicious emails don’t necessarily have to contain all sorts of threats and explanations in order to be effective. In some instances, cybercriminals rely on the user’s curiosity.

Here’s what such an email, provided by SophosLabs, looks like:

Dear Operator,

WIRE N: FD-38443564457336939

STATUS: REJECTED

You can find details in the attached file.

The attachment is not an executable file as you’d expect, but an HTML webpage – identified as Troj/JSAgent-CK – which displays a “please wait a moment” message when it’s opened.

While the victim is looking at the message, in the background, an obfuscated piece of code is performing a redirect to a hijacked Russian site that hosts Blackhole, the infamous exploit kit that leverages all sorts of known vulnerabilities to serve malware.
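The mechanism described above (an HTML attachment that shows a "please wait" lure while script in the page redirects the browser) can be triaged at the mail gateway before anyone opens the file. The following is an added example written for this page, not Sophos code or a vendor detection signature: it parses a raw message, pulls out every HTML-looking attachment, and scores it against a small set of redirect and obfuscation indicators. The sample message, the indicator list, the weights and the threshold are all constructed for the example; the lure it embeds only points at `example.invalid`.

```python
"""Heuristic triage of HTML e-mail attachments (constructed example)."""
import re
from email import policy
from email.message import EmailMessage
from email.parser import BytesParser

# (name, regex, weight): weights and threshold are arbitrary triage values
# chosen for this example, not a published scoring scheme.
INDICATORS = [
    ("meta_refresh", re.compile(r"<meta[^>]*http-equiv\s*=\s*[\"']?refresh", re.I), 3),
    ("location_redirect",
     re.compile(r"\b(?:window\.|top\.|document\.)?location(?:\.href)?\s*=|location\.replace\s*\(", re.I), 3),
    ("eval_call", re.compile(r"\beval\s*\("), 2),
    ("unescape_call", re.compile(r"\bunescape\s*\("), 2),
    ("fromcharcode", re.compile(r"String\.fromCharCode", re.I), 2),
    ("document_write", re.compile(r"document\.write\s*\("), 1),
    ("long_literal", re.compile(r"[\"'][^\"'\n]{200,}[\"']"), 2),   # packed payload strings
    ("wait_lure", re.compile(r"please\s+wait", re.I), 1),           # the decoy message itself
]
SUSPICIOUS_THRESHOLD = 5
HTML_EXTENSIONS = (".htm", ".html")


def score_html(html: str) -> dict:
    """Return the matched indicator names, their summed weight and a verdict."""
    hits = [name for name, rx, _ in INDICATORS if rx.search(html)]
    score = sum(weight for name, _, weight in INDICATORS if name in hits)
    return {"score": score, "indicators": hits, "suspicious": score >= SUSPICIOUS_THRESHOLD}


def html_attachments(raw: bytes):
    """Yield (filename, html_text) for each attachment that is, or is named as, HTML."""
    msg = BytesParser(policy=policy.default).parsebytes(raw)
    for part in msg.walk():
        if part.is_multipart():
            continue
        name = part.get_filename() or ""
        looks_html = name.lower().endswith(HTML_EXTENSIONS) or part.get_content_type() == "text/html"
        if not (looks_html and (part.is_attachment() or name)):
            continue  # inline HTML bodies are not the attachment case discussed here
        content = part.get_content()
        if isinstance(content, bytes):           # e.g. application/octet-stream named *.html
            content = content.decode("utf-8", errors="replace")
        yield name, content


def triage_message(raw: bytes) -> list:
    """Score every HTML attachment in a raw RFC 5322 message."""
    results = []
    for name, html in html_attachments(raw):
        verdict = score_html(html)
        verdict["filename"] = name
        results.append(verdict)
    return results


def build_sample_message() -> bytes:
    """Constructed lure modelled on the e-mail quoted above; not a captured sample."""
    lure_html = (
        "<html><body><p>Please wait a moment...</p>"
        "<script>"
        "var u = unescape('http%3A%2F%2Fexample.invalid%2Fwait');"
        "window.location.href = u;"
        "</script></body></html>"
    )
    msg = EmailMessage()
    msg["From"] = "noreply@example.invalid"
    msg["To"] = "operator@example.invalid"
    msg["Subject"] = "Wire Transfer Confirmation"
    msg.set_content("Dear Operator,\n\nWIRE N: FD-PLACEHOLDER\nSTATUS: REJECTED\n\n"
                    "You can find details in the attached file.\n")
    msg.add_attachment(lure_html, subtype="html", filename="Wire_Transfer_Confirmation.html")
    return msg.as_bytes()


if __name__ == "__main__":
    for verdict in triage_message(build_sample_message()):
        print(verdict)
```

The score is deliberately additive so that a lone `please wait` string or a single `location` assignment on an otherwise plain page does not trip the threshold; it is the combination of decoy text, string decoding and a script-driven redirect that marks the attachment for quarantine or sandbox detonation.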

Users are advised to be on the lookout for such emails.