Verizon Wireless customers, beware!

For over a week now, cybercriminals have been persistently spamvertising millions of emails impersonating the company, in an attempt to trick current and prospective customers into clicking on the client-side exploits and malware serving links found in the malicious email.

Upon clicking on any of the links, users are exposed to the client-side exploits served by the latest version of the Black Hole Exploit Kit.

More details:

Screenshot of the spamvertised email:

Spamvertised malicious URLs: hxxp://; hxxp://

Client-side exploits serving URL: hxxp://

Sample client-side exploits served: CVE-2010-0188

Upon successful client-side exploitation, the campaign drops MD5: b8d6532dd17c3c6f91de5cc13266f374 – detected by 26 out of 44 antivirus scanners as Trojan-Spy.Win32.Zbot.fkth

Once executed, the sample phones back to,  –, AS58014

Name servers used in the campaign:

The same name server is also offering DNS services to the following malicious domains, part of the campaign’s infrastructure:

The last time we intercepted a Verizon Wireless themed malicious campaign was in March 2012. We expect to see more campaigns impersonating this company, thanks to the cybercriminal’s proven tactic of rotating the impersonated brands.

Webroot SecureAnywhere users are proactively protected from these threats.

You can find more about Dancho Danchev at his LinkedIn Profile. You can also follow him on  Twitter.

Blog Staff

About the Author

Blog Staff

The Webroot blog offers expert insights and analysis into the latest cybersecurity trends. Whether you’re a home or business user, we’re dedicated to giving you the awareness and knowledge needed to stay ahead of today’s cyber threats.

Share This