Embassy website links to Phishing scam, BlackHole

Criminals are phishing innocent people with a NACHA electronic payment email scam that redirects to an infected page hosted on the website for the Embassy of Belize in Guatemala:

That page loads exploit code:

Did you know that this script is not detected by any AV? (VirusTotal 0/42). However, using Malzilla we can de-obfuscate the code to see what we really have:

The obfuscated code redirects to an iframe, a page containing multiple exploits:

synergyledlighting.net/main.php?page=4e4959105994cf84

This also happens to be a BlackHole:

A BlackHole is an exploit toolkit that serves drive-by downloads. Through this admin panel, one can look at stats such as number of hosts infected per country, operating system etc…

If you want to dig in deeper, here are a list of files found on this BH:

File1

File2

File3

File4

Jerome Segura