We received few emails with subject: Amazon.com Order Confirmation Inside the email message there is a HREF link that redirects users to a malicious web page containing malicious javascript code used to redirect users to the main URL of Blackhole exploit kit: The Blackhole exploit kit URL is: GET /main.php?page=017f3bb5c2be6a41 ...
Continue reading...

Our honeypot has logged few new Blackhole Exploit Kit activity. The Java exploit file Set.jar is downloaded: GET /Set.jar HTTP/1.1 content-type: application/x-java-archive User-Agent: Mozilla/4.0 (Windows XP 5.1) Java/1.6.0_13 Host: 64.111.24.122 HTTP/1.1 200 OK Server: nginx Date: Wed, 06 Jun 2012 22:43:12 GMT Content-Type: app...
Continue reading...