October 6, 2011

Blackhole Exploit + Rogue AV capitalizes on Steve Jobs' passing


Websense ThreatSeeker® Network has detected malicious email messages claiming that the late Apple founder and CEO, Steve Jobs, is still alive.  Websense Email Security and Websense Web Security protect against these blended attacks with ACE, our Advanced Classification Engine

Some of the email subjects used in this attack include :

  • Steve Jobs: Not Dead Yet!
  • Steve Jobs Alive!
  • Steve Jobs Not Dead

Screenshot 1 : Sample Email Messages  

The email messages contain links to compromised web sites that redirect to Blackhole Exploit Kit and install Rogue AV malware.  The malicious file used in this attack is poorly detected by AV engines. 


Screenshot 2 : Malicious Redirect


Screenshot 3 : Obfuscated Exploit Code

As always, don't click on links in emails you didn't expect to receive, they tend to be bad news.


Forcepoint-authored blog posts are based on discussions with customers and additional research by our content teams.

Read more articles by Forcepoint

About Forcepoint

Forcepoint is the leading user and data protection cybersecurity company, entrusted to safeguard organizations while driving digital transformation and growth. Our solutions adapt in real-time to how people interact with data, providing secure access while enabling employees to create value.