‘Your Kindle e-book Amazon receipt’ themed emails lead to Black Hole Exploit Kit – Webroot



 

Webroot is warning Amazon Kindle users about a possible phishing attack. According to Webroot, cybercriminals are attempting to phish Kindle owners into thinking that they have received a receipt for an e-book purchase from Amazon.com.

In reality, when a user clicks on any of the links found in the malicious emails, they are automatically exposed to the client-side exploits served by the Black Hole Exploit Kit.

In reality, we don’t think any of Amazon’s servers are compromised, but this will trick a lot of users into giving their information to the wrong hands.

The malicious server

Malicious domain name reconnaissance:
starsoftgroup.net – 175.121.229.209; 198.144.191.50 – Email: [email protected]
Name Server: NS1.HTTP-PAGE.NET
Name Server: NS2.HTTP-PAGE.NET

Upon execution, the sample also phones back to the following C&C servers (all of the servers below are malicious):

 

Screenshot of Amazon phish page. Image from Webroot

 
