‘Your Kindle e-book Amazon receipt’ themed emails lead to Black Hole Exploit Kit – Webroot

 

Webroot, warns users about the possible phishing attack for Amazon kindle users. As per webroot, Cyber criminals are attempting to phish Kindle owners into thinking that they have received a receipt from an E-book purchase from Amazon.com.

In real, when a users click on any of the links found in the malicious emails, they are automatically exposed to the  client-side exploits served by the Black Hole Exploit Kit.

In real we don’t think any of Amaozn’s servers are compromised but this will trick a lot of users give their information to the wrong hands.

The malicious server

Malicious domain name reconnaissance:
starsoftgroup.net – 175.121.229.209; 198.144.191.50 – Email: [email protected]
Name Server: NS1.HTTP-PAGE.NET
Name Server: NS2.HTTP-PAGE.NET

Upon execution, the sample also phones back to the following C&C servers:  ( all servers below are malacious)
hxxp://195.191.22.90:8080/DPNilBA/ue1elBAAAA/tlSHAAAAA/
hxxp://37.122.209.102:8080/DPNilBA/ue1elBAAAA/tlSHAAAAA/
hxxp://217.65.100.41:8080/DPNilBA/ue1elBAAAA/tlSHAAAAA/
hxxp://173.201.177.77/J9/vp//EGa+AAAAAA/2MB9vCAAAA/
hxxp://210.56.23.100/J9/vp//EGa+AAAAAA/2MB9vCAAAA/
hxxp://213.214.74.5/J9/vp//EGa+AAAAAA/2MB9vCAAAA/
hxxp://180.235.150.72/J9/vp//EGa+AAAAAA/2MB9vCAAAA/

 

Screenshot of Amazon phish page. Image from Webroot

 

Article here

 

 

Share Button

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title="" rel=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>