ACH BlackHole exploit kit back in circulation

September 29, 2011

After a short pause, the failed/cancelled ACH transaction spam is hitting inboxes again. By yesterday, 200,000 of these emails had been intercepted. The 7-digit number in the subject line changes randomly from email to email, but the embedded link is always the same, security researchers say.

If a user clicks the link in the email, they will be taken through a number of redirections to a malicious web page hosting the ‘BlackHole’ exploit kit, which will aim to deliver the Zbot payload. Zbot steals confidential information and opens a back door port to the infected system. VirusTotal reports that 29 of 43 AV solutions currently detect and remediate the malicious files.

Update 09/28/11 – the web page hosting the malicious payload has been taken down.
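As an added illustration (not from the original article or the researchers it cites), the sketch below shows how a mail gateway could group messages by embedded link and flag groups whose subjects differ only in a 7-digit number, the pattern described above. The function names, sample messages, subject wording and `example.invalid` URLs are constructed assumptions.

```python
import re
from collections import defaultdict
from email import message_from_string

URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.I)
ID_RE = re.compile(r"(?<!\d)\d{7}(?!\d)")  # a stand-alone 7-digit run

def body_text(msg):
    """Concatenate every text/* part of a (possibly multipart) message."""
    chunks = []
    for part in msg.walk():
        if part.get_content_maintype() == "text":
            data = part.get_payload(decode=True) or b""
            chunks.append(data.decode(part.get_content_charset() or "utf-8", "replace"))
    return "\n".join(chunks)

def campaign_clusters(raw_messages, min_size=3):
    """Return URLs shared by >= min_size messages whose subjects are
    identical once the 7-digit number is masked out."""
    subjects_by_url = defaultdict(list)
    for raw in raw_messages:
        msg = message_from_string(raw)
        subject = msg.get("Subject", "")
        for url in set(URL_RE.findall(body_text(msg))):
            subjects_by_url[url].append(subject)
    clusters = {}
    for url, subjects in subjects_by_url.items():
        templates = {ID_RE.sub("<ID>", s) for s in subjects}
        ids = {i for s in subjects for i in ID_RE.findall(s)}
        # One subject template, several distinct numbers, one link.
        if len(subjects) >= min_size and len(templates) == 1 and len(ids) > 1:
            clusters[url] = {"template": templates.pop(),
                             "count": len(subjects), "ids": sorted(ids)}
    return clusters

def _sample(number, url):
    # Constructed sample message; wording and addresses are illustrative.
    return (f"From: notice@example.invalid\nSubject: ACH transaction {number} "
            f"cancelled\n\nDetails: {url}\n")

LURE = "http://lure.example.invalid/report"
SAMPLES = [_sample(n, LURE) for n in ("4821907", "1093358", "7750216")]
SAMPLES.append("From: billing@example.invalid\nSubject: Invoice 2011-09\n\n"
               "See http://billing.example.invalid/inv\n")

if __name__ == "__main__":
    for url, info in campaign_clusters(SAMPLES).items():
        print(url, info)
```

Keying on the link rather than the subject is what makes the randomized number irrelevant to the grouping.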

Hakin9 Media Sp. z o.o. Sp. komandytowa ul. Postępu 17D, 02-676 Warszawa