Webroot, warns users about the possible phishing attack for Amazon kindle users. As per webroot, Cyber criminals are attempting to phish Kindle owners into thinking that they have received a receipt from an E-book purchase from Amazon.com.
In real, when a users click on any of the links found in the malicious emails, they are automatically exposed to the client-side exploits served by the Black Hole Exploit Kit.
In real we don’t think any of Amaozn’s servers are compromised but this will trick a lot of users give their information to the wrong hands.
The malicious server
Malicious domain name reconnaissance:
starsoftgroup.net – 22.214.171.124; 126.96.36.199 – Email: [email protected]
Name Server: NS1.HTTP-PAGE.NET
Name Server: NS2.HTTP-PAGE.NET
Upon execution, the sample also phones back to the following C&C servers: ( all servers below are malacious)