Amazon.com Order Confirmation leads to Blackhole Exploit Kit

Posted by on Saturday, June 9th, 2012  |  60,492 views

We received few emails with subject:

Amazon.com Order Confirmation

Inside the email message there is a HREF link that redirects users to a malicious web page containing malicious javascript code used to redirect users to the main URL of Blackhole exploit kit:

Amazon.com fake order page

The Blackhole exploit kit URL is:

GET /main.php?page=017f3bb5c2be6a41 HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
Host: adnroidsoft .net

Fortunately the domain is not anymore active.

Posted by on Saturday, June 9th, 2012 at 9:40 pm and filed under Security with tags , , , . Both comments and pings are currently closed.

Random Posts

Previous Posts

Comments are closed.