The BlackHole Exploit Kit has come in various forms, such as official bank notices, cable provider email updates, social networking email, and fake courier notifications. Now it is coming as a spam run from what would seem to be Wal-Mart.

Figure 1. Notice supposedly from Walmart

Some of the URLs lead to Cyrillic domain names. These domains were translated into the English alphabet through punycode. URLs in punycode have to be decoded first in order to see its original format.

Users can be redirected to a phishing site based on the international domain names (IDNs) that appears to have the same URL as a legitimate site. This can make blocking malicious sites more difficult.

Your best defense against phishing is to:
1) Always be cautious of email messages before clicking the links or downloading attached files
2) verify with the vendor to check if these emails are legitimate
3)install the latest security updates from software vendors to avoid threats targeting dated vulnerabilities