Amazon Spam is Back, Blackhole Exploit in Tow

360Tencent

http://www.gfi.com/blog/amazon-s ... ole-exploit-in-tow/

All links in the email body, apart from the linked email address, lead users to the same HTML page that are hosted on various legitimate but compromised WordPress domains. Their URLs contain the following section in their syntax:

/wp-content/themes/twentyten/zone(dot)html

For this particular spam sample, the following URLs were used:

thebrandstand(dot)co(dot)uk/wp-content/themes/twentyten/zone(dot)html
unknowncoatings(dot)com/wp-content/themes/twentyten/zone(dot)html
constructionshco(dot)com/wp-content/themes/twentyten/zone(dot)html
latinamericanrestaurantmiami.com/wp-content/themes/twentyten/zone(dot)html
sermacho(dot)com/wp-content/themes/twentyten/zone(dot)html
thecubsfan(dot)com/wp-content/themes/twentyten/zone(dot)html
cutterssupplyinc(dot)com/wp-content/themes/twentyten/zone(dot)html