Incessant Blackhole spam runs likely made by same group

An incessant string of spam e-mail campaigns leading to Web sites hosting the Blackhole exploit kit are hitting inboxes around the world in waves. The latest and most prominent ones consisted of the fake Facebook, LinkedIn, U.S. Postal Service, and US Airways notifications, while the most recent one spotted masquerades as an e-mail from employment Web site CareerBuilder.com, indicating the recipient might find a job opening appealing.

The offered link takes the recipient through many redirections and lands the user on a compromised site. According to a recent analysis by Trend Micro researchers, these spam messages are mostly targeting U.S. users, and are often realistic spoofs of the companies’ original and legitimate emails. “We found clear evidence that all these attacks were linked. In many cases, the same sets of compromised URLs by multiple spam runs,” the researchers said. “This suggests that at least some of the parties responsible for these attacks were identical, if it was not the same group altogether.” The ultimate goal of these attacks is the same: the exploit kit is used to allow installation of malware — predominantly Zeus trojan variants — onto users’ computers.
Source: http://www.netsecurity. org/malware_news.php?id=2089&utm_source=feedburner&utm_medium=fee d&utm_campaign=Feed:+HelpNetSecurity+(Help+Net+Security)&utm_content=Goog le+Reader