<p>Websense the security company through its ThreatSeeker Network recently identified one fresh spam campaign that posing as messages from Amazon the e-business giant claims to verify a so-called purchase order. The campaign reportedly follows a Java security flaw named CVE-2012-4681 that has been propagating as also been consequently incorporated into the notorious attack toolkit -BlackHole.</p><p>Indeed, accomplishment of the said exploit can well let the spammers install more malware onto victims' computers that, say, can result in financial and other personal databases getting exfiltrated.</p><p>Early this month (September 1, 2012), Websense caught more than 10,000 spam mails displaying a caption "You Order with Amazon.com" that lured readers to hit on a given web-link for confirming one purchase order that they supposedly made on Amazon.</p><p>However, hitting actually leads the end-users -via several diversions- onto a site harboring BlackHole along with a confusing JavaScript, which tries finding out the name of the Web-browser, the versions of Java, Adobe Reader and Adobe Flash, running on the end-users' machines, so the toolkit may deliver a suitable exploit, explains Websense.</p><p><a href="http://www.spamfighter.com/News-17930-Spam-Mails-Supposedly-from-Amazon-Abuse-Java-Flaw-Reports-Websense.htm">Keep reading...</a></p>