Last week, we published a blog post regarding the ongoing spam campaign using the recent earthquake in Japan to infect users. This is a follow up blog describing the exploits used by the Incognito Exploit Kit. In the past 40 hours, the malicious domains hosting the exploits have been changed eight times. Once exploited, the help center process is killed using the taskkill command line utility (command line process killer) Once decoded, it creates a VBS file that will be executed to install the malware on the user machine.”]
Source: https://securelist.com/japan-quake-spam-leads-to-malware-part-3/29771/

