FYI...
Fake CPA/AICPA emails lead to BlackHole exploit kit
- http://blog.webroot.com/2012/08/01/s...e-exploit-kit/
August 1, 2012 - "Certified public accountants, beware... Cybercriminals are currently spamvertising millions of emails impersonating AICPA (American Institute of Certified Public Accountants) in an attempt to trick users into clicking on the client-side exploits and malware serving links found in the emails...
Screenshot of the spamvertised email:
> https://webrootblog.files.wordpress....xploit_kit.png
... Spamvertised URL: hxxp://thewebloan .com/wp-includes/notice.html
Client-side exploits serving URLs parked on the same IP (221.131.129.200):
- hxxp ://jeffknitwear .org/main.php?page=8614d3f3a69b5162
- hxxp ://lefttorightproductservice .org/main.php?page=4bf5d331b53d6f15
Client-side exploits serving domains responding to the same IP:
toeplunge .org; teloexpressions .org; historyalmostany .org
Client-side exploits served:
- http://web.nvd.nist.gov/view/vuln/de...=CVE-2010-1885 - 9.3 (HIGH)
Detection rate for a sample redirection script with MD5: fa9daec70af9ae2f23403e3d2adb1484 *
... Trojan.Script!IK; JS/Iframe.W!tr
Upon successful client-side exploitation, the campaign drops
MD5: b00af54e5907d57c913c7b3d166e6a5a ** on the affected hosts...
Trojan.PWS.YWO; Trojan-Dropper.Win32.Dapato.bmtv ..."
* https://www.virustotal.com/file/21ac...is/1342738075/
File name: AICPA.html
Detection ratio: 4/42
Analysis date: 2012-07-19
** https://www.virustotal.com/file/6db6...8a20/analysis/
File name: b00af54e5907d57c913c7b3d166e6a5a.exe
Detection ratio: 30/39
Analysis date: 2012-07-27