Spoofed Microsoft notification leads to Zeus
Posted on 03.09.2012
Microsoft updated its Services Agreement last week, and has begun notifying its users about the change via email.


Eager to take advantage of any kind of legitimate opening to lead users to pages hosting malware and exploit kits, cyber crooks have copied this email, replaced the link with their own and begun sending it to users around the world.

According to ISC researchers, the malicious email reels users in with a subject line indicating important changes to the Microsoft Services Agreement and communication preferences, but experienced users can see from the header that the email was sent from a Chinese IP address.

Unfortunately, most users don't know how to take a peek at the header or interpret the information contained in it. Still, if they hover with their mouse over the offered link, they can see plainly that the destination URL is not Microsoft's, but that of a number of other legitimate but compromised websites.
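The two checks described above (the sending IP in the header, and the real destination behind the link) can be automated. The following is an added example, not part of the original article: the sample message, the `TRUSTED` list and the function names are constructed for illustration, and it assumes a single-part HTML message.

```python
import re
from email import message_from_string
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample: documentation IP range and example domains only.
SAMPLE = """\
Received: from mail.example.net (unknown [203.0.113.45])
\tby mx.recipient.example with ESMTP; Mon, 3 Sep 2012 08:12:00 +0000
From: Microsoft <notice@microsoft.com>
Subject: Important Changes to Microsoft Services Agreement
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<html><body><p>Please read the
<a href="http://compromised-site.example/agreement.html">Microsoft Services Agreement</a> and the
<a href="https://www.microsoft.com/privacy">privacy statement</a>.</p></body></html>
"""

TRUSTED = ("microsoft.com",)  # assumption: domains the claimed sender links to

class LinkCollector(HTMLParser):
    """Collects the href of every <a> tag, i.e. what a mouse hover would reveal."""
    def __init__(self):
        super().__init__()
        self.hrefs = []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            href = dict(attrs).get("href")
            if href:
                self.hrefs.append(href)

def host_trusted(host, trusted=TRUSTED):
    # Exact match or true subdomain; "microsoft.com.evil.example" must not pass.
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in trusted)

def inspect(raw):
    msg = message_from_string(raw)
    # Each relay prepends a Received header, so the last one is closest to the
    # sender. It can be forged; only hops added by your own MTA are reliable.
    received = msg.get_all("Received", [])
    ips = re.findall(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", received[-1]) if received else []
    collector = LinkCollector()
    collector.feed(msg.get_payload(decode=True).decode("utf-8", "replace"))
    suspicious = [h for h in collector.hrefs if not host_trusted(urlsplit(h).hostname)]
    return {"origin_ips": ips, "suspicious_links": suspicious}

if __name__ == "__main__":
    print(inspect(SAMPLE))
```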

Each of them hosts the popular Blackhole exploit kit, which takes advantage of any of the many flaws that can be found on most users' computers and delivers malware. In this case, it's a Zeus Trojan variant that poses as a Flash Player update, and has a rather low detection rate according to VirusTotal.

Among the vulnerabilities exploited on these compromised sites is also the CVE-2012-4681 Java zero-day vulnerability, which has finally been patched.

Unfortunately, many users are lousy at keeping their software updated, and given that the exploit for the flaw has recently been added to the Blackhole exploit kit, you can be pretty sure that the vulnerability will be taken advantage of for a long, long time.






Copyright 1998-2014 by Help Net Security.