Mal/ExpJS-AV

Mal/ExpJS-AV is a Blackhole exploit JavaScript Trojan that proliferates via a spam email message posing as an invoice from Apple for a $699.99 postcard. The bogus Apple invoice email includes a web-link 'View/Download', which if clicked, downloads the file called 'download.jpg.exe', while the 'Cancel' and 'Not your order' web-links download the file called 'check.php'. If a PC user clicks on any of the web-links, he/she is rerouted to an unrelated website declaring to be the IRS and saying the PC user is not using a supported web browser. Once this web page is illustrated, in the common way of the Blackhole exploit kit, it aims at delivering exploits, found as Mal/ExpJS-AV, against Adobe Flash Player, Adobe Reader and Oracle Java. If any of these are successful, it takes over the targeted PC with the Zeus/ZBot Trojan. If any of these do not work, the image has links for downloading an 'up-to-date' version of these Internet browsers that simply downloads a file called 'update.exe'. If the computer user is exploited or downloads and runs the file his/her PC is corrupted by the Zeus/ZBot Trojan, which is produced to log keystrokes and hijack bank accounts.