The spam email tells recipients that Intuit, the maker of QuickBooks, needs to verify their name and tax identification number because it is different from the information held by the Internal Revenue Service, explained Chester Wisniewski of SophosLabs. The email directs the recipient to click on a link in order to "check and verify" account information.
Intuit issued a warning about the spam, which it termed a phishing scam. Unfortunately, QuickBooks users who fall victim to the scam are directed to a website that contains JavaScript representative of the sites infected with the Blackhole exploit kit, Wisniewski explained.
“Depending on which browser and plugins you may be running the Blackhole exploit kit can exploit the vulnerable ones and deliver a malicious payload, many times fake anti-virus (scareware)”, he noted.
As reported by Infosecurity, the BlackHole exploit kit is a powerful piece of malware in the same league as the Zeus financial trojan. It first appeared in the third quarter of 2010 with a price tag of $1,500 for 12 months, falling to $200 for one week license, but it began to be offered free in May of last year.