1. eBay.co.uk listing redirecting bidders to exploit kit


AVG analysts have discovered an ebay.co.uk auction listing that is redirecting bidders to a Blackhole exploit kit.


After visiting the listing, users are redirected to a site at ebay.666222666.com that hosts the exploit kit. There they are served malicious .JAR (Java), .SWF (Adobe Flash), and .PDF (Adobe Acrobat Reader) files, which are used to download other malware and infect their PC.



Obfuscated script on page


AVG users are protected from this threat.




2. Phishing spam renders good impersonations of Verizon, AmEx and US Airways correspondence, then leads to Blackhole sites


The threat research team this week also came across three phishing email messages that impersonate legitimate businesses and lure users to websites hosting the Blackhole exploit kit.


It is good practice to go to the website of the business you are dealing with rather than clicking on links in emails you receive, no matter how legitimate they look. Any email that asks for “confirmation” of passwords or other account information should really ring the “caution” bell.
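A defender-side check for the lookalike hosts described in items 1 and 2, as an added example that is not AVG's code: it flags proxy-log requests whose hostname carries a brand name as a label while the registrable domain belongs to someone else, as with ebay.666222666.com. The brand map, the short suffix set standing in for the Public Suffix List, the function names and the log lines are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumption: brand label -> registrable domains the brand really uses (illustrative).
BRAND_DOMAINS = {
    "ebay": {"ebay.co.uk", "ebay.com"},
    "verizon": {"verizon.com"},
    "usairways": {"usairways.com"},
}
# Assumption: tiny stand-in for the Public Suffix List; load the real list in production.
TWO_LABEL_SUFFIXES = {"co.uk", "org.uk", "com.au"}

# Constructed proxy log lines: timestamp, client IP, requested URL.
SAMPLE_LOG = [
    "2000-01-01T10:00:01Z 10.0.0.5 http://www.ebay.co.uk/itm/123",
    "2000-01-01T10:00:02Z 10.0.0.5 http://ebay.666222666.com/index.php",
    "2000-01-01T10:00:09Z 10.0.0.7 http://verizon.example.net/confirm",
    "2000-01-01T10:00:12Z 10.0.0.8 https://www.verizon.com/",
]


def registrable_domain(host):
    """Return the registrable domain (eTLD+1) using the stand-in suffix set."""
    labels = host.lower().rstrip(".").split(".")
    n = 3 if ".".join(labels[-2:]) in TWO_LABEL_SUFFIXES else 2
    return ".".join(labels[-n:])


def impersonated_brand(url):
    """Return the brand named in a host label under a domain it does not own, else None."""
    host = urlsplit(url).hostname or ""
    reg = registrable_domain(host)
    for label in host.split("."):
        owned = BRAND_DOMAINS.get(label)
        if owned is not None and reg not in owned:
            return label
    return None


def flag_log(lines):
    """Return (client, host, brand) for each request to a brand-lookalike host."""
    hits = []
    for line in lines:
        _ts, client, url = line.split(maxsplit=2)
        brand = impersonated_brand(url)
        if brand:
            hits.append((client, urlsplit(url).hostname, brand))
    return hits


if __name__ == "__main__":
    for hit in flag_log(SAMPLE_LOG):
        print(hit)
```

This matches only an exact brand label, so misspelled or hyphenated lookalikes need a separate similarity check.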


3. Blackhole-delivered rogues change names


Rogue security products, which have been with us for more than five years now, continue to use their standard operating procedure – cloning with minimal changes. The clones keep the basic malcode, but present potential victims with new names on the graphic interfaces. The most recent clones we’ve seen are “Windows Shielding Utility” and “Windows Warding System.”


The name changes are intended to confuse potential victims as well as evade detection by anti-virus products.




– AVG Threat Research Group