U.S. SEC Spam mail leads to Blackhole Exploit

An email that purports to originate from the U.S. Securities and Exchange Commission (SEC) tries to trick recipients into following a malicious link, GFI warns.

The Spam mail:
From: “Homer Hutchinson”
Subject: Notification of securities investigation against your company.
Message body:
Dear customer, Securities and Exchange Commission Whistleblower office has received complaint about possible infringement at your company, including Unregistered securities offering, involving such financial products as swaps.

Failure to provide a reply to this complaint within 28 day period will result in Securities and Exchange Commission investigation against your company. You can have access to the complaint details in U.S. Securities and Exchange Commission Tips, Complaints, and Referrals portal under the following link:

Complaint details

{SEC physical address}


The researcher says clicking the link redirects you to a malicious page that contains the Blackhole Exploit, which tries to exploit vulnerabilities in Adobe Reader, Acrobat, and Microsoft Windows Help and Support.

This exploit can also target other vulnerabilities in Java, Adobe Flash and Windows Media Player.

Once a vulnerability in this software has been successfully exploited, victims are taken to a website that downloads about.exe, malware detected as Win32.Malware!Drop.
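A mail-triage check for this kind of lure, as an added example that is not part of the original post: it flags a message that claims to speak for the SEC when the sender or any link sits outside sec.gov. The sender address and link host in the sample are constructed placeholders, since the post does not give the real ones.

```python
import email
from email import policy
from html.parser import HTMLParser
from urllib.parse import urlsplit

CLAIMED_DOMAIN = "sec.gov"  # domain the lure claims to speak for

# Constructed sample: wording from the spam above; the sender address and
# link host are placeholders (assumptions), not values from the post.
SAMPLE_EML = """\
From: "Homer Hutchinson" <homer@mailer.example>
Subject: Notification of securities investigation against your company.
Content-Type: text/html; charset="utf-8"

<p>You can have access to the complaint details in U.S. Securities and
Exchange Commission Tips, Complaints, and Referrals portal:</p>
<p><a href="http://redirector.example/sec/complaint.html">Complaint details</a></p>
"""

class LinkCollector(HTMLParser):
    """Collect the href of every <a> tag in an HTML body."""
    def __init__(self):
        super().__init__()
        self.hrefs = []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs += [v for k, v in attrs if k == "href" and v]

def on_domain(host, domain):
    """True only for the domain itself or a real subdomain of it."""
    host = (host or "").lower().rstrip(".")
    return host == domain or host.endswith("." + domain)

def triage(raw_eml, claimed=CLAIMED_DOMAIN):
    """Return findings for a message that claims to come from `claimed`."""
    msg = email.message_from_string(raw_eml, policy=policy.default)
    findings = []
    sender = msg["From"].addresses[0] if msg["From"] else None
    if sender is None or not on_domain(sender.domain, claimed):
        findings.append(("sender-mismatch", sender.addr_spec if sender else ""))
    body = msg.get_body(preferencelist=("html", "plain"))
    collector = LinkCollector()
    collector.feed(body.get_content() if body else "")
    for href in collector.hrefs:
        if not on_domain(urlsplit(href).hostname, claimed):
            findings.append(("off-domain-link", href))
    return findings

if __name__ == "__main__":
    print(triage(SAMPLE_EML))
```

The suffix check in `on_domain` rejects lookalike hosts such as `sec.gov.mailer.example`, which a plain substring match would accept.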
