Websense Security Labs has detected another wave of malicious email messages linked to the Phoenix Exploit Kit
September 2010 by Websense
Websense Security Labs ThreatSeeker Network has detected another wave of malicious email messages linked to the Phoenix Exploit Kit (a piece of obfuscation that we recently came across while handling a blended threat). Like many attack kits, it attempts to exploit a number of known vulnerabilities in Java, Flash, and PDF.
Blended attacks are being used more than ever before. This time, they attempt to lure users with genuine-looking email attachments that, when opened, launch them into a redirection chain ending on a page that contains the Phoenix Exploit Kit. The page displayed looks legitimate, as the spammers have copied content from several different vendors and brands, including Xbox 360, Bank of America, and Twitter.
Patrik Runald, Senior Manager, Websense Security Labs:
“In general, spammers will try everything and stop at nothing to deliver content to users. When people don’t trust one kind of email, spammers change their tactics and use something else. This process never stops, and is very interesting to follow. It’s interesting, at least, if you know you’re being protected.”
For details, see the new blog post: http://community.websense.com/blogs/securitylabs/archive/2010/09/22/phoenix-the-supervisor.aspx
For a deeper view of the Phoenix Exploit Kit, see: http://community.websense.com/blogs/securitylabs/archive/2010/08/31/random-access-obfuscation.aspx