As you can see the messages are extremely simple and only contain a link about the accident of a person. This link varies in each email but it always leads to harmful sites through successive redirects.This page exploits different vulnerabilities in the user's browser through an obfuscated script:
This script eventually downloads and executes malware on the user's computer. Also if the antivirus does not block the script, a page is presented to the user to download the same harmful file again. (http://id100735411.rules[DELETED].com/arc/files/file.exe.)
From Segu-Info we warn about this situation since messages about accidents are usually the main hooks that users bite and end up getting infetished.
Cristian from the Segu-Info Newsroom
