Sophos Labs intercepted a spam campaign that claim to be related to a rejected wire transfer.
Although most savvy computer users would realise that unsolicited email is unlikely to be legitimate, there are some who might be vulnerable or merely curious enough to click on the HTML attachment, not realising that it can cause problems for their PC.
When user open the The HTML attachment , it displays 'Please wait a moment. You will be forwarded...'.
In the background, an obfuscated piece of code is performing a redirect to a hijacked Russian site that hosts Blackhole, the infamous exploit kit that leverages all sorts of known vulnerabilities to serve malware.
![](https://pinterest.com/pin/create/bookmarklet/?media=https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjABJLxYv8E6796J1n00I8ZbM8uMhaVf56yx8buZvEumNAP9NKIMWrHq_XNrk6SQSArtYGEjfTU7Pr391pjVu2Tu8iajywfII6BQbTrZ6OB4Zauna_jbtSMbnOwKELhLAl2RktDwv5-R7U/s1600/spma-blackhole_exploit.jpg&url=https://www.cysecurity.news/2012/07/wire-transfer-confirmations-email-leads.html&description="Wire Transfer Confirmations" email leads to BlackHole Exploit site){kind=link}