American Airlines themed emails lead to the Black Hole Exploit Kit

By Dancho Danchev

Over the past 24 hours, cybercriminals launched yet another massive spam campaign, this time impersonating American Airlines in an attempt to trick its customers into clicking on a malicious link found in the mail. Upon clicking on the link, users are exposed to the client-side exploits served by the Black Hole Exploit Kit v2.0

More details:

Sample screenshot of the spamvertised email:

Spamvertised compromised URL: hxxp://

Detection rate for a sample Java script redirection: American_Airlines.html – MD5: 7b23a4c26b031bef76acff28163a39c5 – detected by 9 out of 42 antivirus scanners as JS/Exploit-Blacole.gc; JS:Blacole-CF [Expl]

Sample client-side exploits serving URL: hxxp://

We’ve already seen the same malicious email used in the previously profiled “Cybercriminals impersonate UPS, serve client-side exploits and malware” campaign, clearly indicating that these campaigns are launched by the same cybercriminal/gang of cybercriminals.

Webroot SecureAnywhere users are proactively protected from this threat.

You can find more about Dancho Danchev at his LinkedIn Profile. You can also follow him on  Twitter.

One thought on “American Airlines themed emails lead to the Black Hole Exploit Kit

  1. Pingback: Cybercriminals impersonate Delta Airlines, serve malware « Webroot Threat Blog – Internet Security Threat Updates from Around the World

Join the Conversation

Please log in using one of these methods to post your comment: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s