Websense researchers are warning of malicious spam e-mails that pose as automated notifications from Craigslist, asking the recipient to click on a link in order to complete a Craigslist request. The link redirects the victim to a Web site hosting the Blackhole exploit kit.

"The malicious emails, 150,000 of which were caught by Websense Security Lab’s Cloud Email Security portal ... attempt to convince recipients that 'FURTHER ACTION IS REQUIRED TO COMPLETE [THEIR] REQUEST!!!'" writes Threatpost's Brian Donohue. "The emails go on to claim that recipients must follow the (malicious) link below in order to publish, edit or delete their ad or verify their email address. At the bottom of the email is a bold and capped piece of text that helpfully advises that users 'KEEP THIS EMAIL.' ... Websense lists 'Models for fine' (systems / network), 'Studio4PaintWorkCatskills' (education), and 'Show Your Art' (cars+trucks) as a few of the email subjects popping up in the scam."

"The emails are good imitations of legitimate Craigslist automated email notifications, and have a rather legitimate looking sender address and name, too," writes Help Net Security's Zejlka Zorz. "But the embedded link takes the users to a compromised WordPress page, where obfuscated JavaScript serves an iFrame that redirects them to another compromised site located on a Russian domain. There the exploit kit awaits and tries to take advantage of a slew of vulnerabilities that might exist on the targets' computer and serve malware."