ACH BlackHole exploit kit back in circulation

After a short pause, the failed/cancelled ACH transaction spam is hitting inboxes again. 200,000 of these types of emails had been intercepted by yesterday. The 7-digit number in the subject line changes randomly from email to email, but the embedded link is always the same, say security researchers.

If a user clicks the link in the email, they will be taken through a number of redirections to a malicious web page hosting the 'BlackHole' exploit kit, which will aim to deliver the Zbot payload. Zbot steals confidential information and opens a back door port to the infected system. VirusTotal reports that 29 of 43 AV solutions currently detect and remediate the malicious files.

Update 09/28/11 - the web page hosting the malicious payload has been taken down.

September 29, 2011
© HAKIN9 MEDIA SP. Z O.O. SP. K. 2013