Browse archive

Latest news

The security of WordPress plugins

How to detect hidden administrator apps on Android

Key obstacles to effective IT security strategies

CyanogenMod founder aims to thwart data-grabbing apps

Businesses not fully implementing infosec programs

Is accessing work apps on the move destructive?

Microsoft releases Enhanced Mitigation Experience Toolkit 4.0

New regulation for ENISA, the EU cybersecurity agency

F-Secure advances fight against exploits

Free anti-spam software for the Mac

Information security executives need to be strategic thinkers

U.S. tech companies sharing bug info with U.S. govt before releasing fixes

Account takeover attempts have nearly doubled

It takes 10 hours to identify a security breach

Guccifer hacks U.S. nuclear security agency chief

British GCHQ spied on G20 delegates to gain advantage in talks

Hacking charge stations for electric cars

Fake Craigslist notifications lead to exploit kit

Posted on 08.06.2012

Emails purportedly sent by Craigslist have been hitting users' inboxes and trying to get them to follow the offered link to a website hosting the Blackhole exploit kit, warns Websense.

The emails are good imitations of legitimate Craigslist automated email notifications, and have a rather legitimate looking sender address and name, too:

But the embedded link takes the users to a compromised WordPress page, where obfuscated JavaScript serves an iFrame that redirects them to another compromised site located on a Russian domain.

There the exploit kit awaits and tries to take advantage of a slew of vulnerabilities that might exist on the targets' computer and serve malware.

Users are advised never to follow links from unsolicited emails, however legitimate they might appear.