Throughout the month of June, phony emails claiming to be Amazon.com order confirmations were sent to unsuspecting victims in the hopes of infecting them with malware. Users who clicked any of the links contained in the email were directed to a web page that contained Blackhole exploit code. The exploit scanned the user’s system for Adobe® Reader® and Adobe Flash® before loading a Java applet that redirected the victim to web pages that hosted specially-crafted PDF exploit files depending on the version of Adobe Reader found on the system.
Another fake email posing as a Twitter account confirmation linked victims to a Russian website which housed a Blackhole exploit kit. The site deployed exploits that targeted Adobe Reader and Adobe Flash vulnerabilities which were as old as six years. It’s important to note that both of these attack campaigns could have been avoided had victims kept their software fully patched and up to date.
A bogus spam email was also discovered disguising itself as a Delta Airlines e-ticket. Users who downloaded the attachment were met with an executable file that infected their system with Sirefef and Live Security Platinum, a rogue antivirus program. This fake AV program blocked the running of all other applications and deployed constant pop-ups and browser redirects to messages alerting the user of an infection and requesting payment to clean up the system.