![]() ![]() Received: from .br () by xxxxxxxxxxxxxxxx ORIGINAL 0-DAY - Read more here at ĭownload all the files (exploit and payload) (contact me if you need the password)ĭownload all the files and the pcap (contact me if you need the password) Many websites already cleaned and giving error 404 and some are still active. I posted approximately 50 headers below for those who deal with spam filters as well as pcap and other information. The payload is Zeus (Gameover P2P version not Citadel). The links are legitimate compromised websites redirecting to the Blackhole exploit server. The body of the email looks very convincing - see the legitimate ADP email below in comparison to the fake one. The spam campaigns are probably different but the one I encountered was using the subject "ADP Invoice Reminder" with address sent from what it looks like a spam botnet. The Blackhole 2.0 ad is translated and posted at along with a very good analysis. ![]() Here are two samples of Java CVE-2012-4681 exploit - one from the original targeted attack described in our post on August 30, 2012 and the other from today's spam redirecting to Blackhole 2.0 exploit kit and using CVE-2012-4681 adapted from the Metasploit framework. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |