
Fake AICPA Mail Serves Blackholes and Rootkits

on February 20, 2012

Be wary of emails claiming to be from AICPA. As per their alert here, these are not real, and any mention of “unlawful tax return fraud” is just bait to convince the end-user to open a malicious attachment (in this case a .doc file, although there are rogue PDF files in circulation too).


As with many of the malicious spam campaigns doing the rounds at the moment, this one uses the Blackhole exploit kit to serve up Zbot from multiple compromised domains. Worse, a Sakura kit (typical example here) will download Sirefef / ZeroAccess, which as we’ve seen elsewhere is not a good thing to have on your system.

One of the more unpleasant spam campaigns we’ve seen recently.

Christopher Boyd (Thanks Robert, Matthew)

 
