News

Fake Microsoft Service Agreement E-mails Mails Used in Java Exploit

A recent phishing campaign that employs a Microsoft e-mail template has been spotted in the wild by researchers.

Security firm Internet Storm Center disclosed the scam over the weekend. According to Russ McRee, a researcher with the group, the fake e-mail campaign mimics Microsoft's "Important Changes to Microsoft Services Agreement and Communication Preferences" in attempts to exploit the Java flaw that was publically demonstrated last week.

McRee wrote in a recent company blog entry that instead of linking to a legitimate Microsoft site, the "phishing mail will instead include a hyperlink to the likes of allseasons****.us, radiothat****.com, and likely a plethora of others."

These redirects lead to Web sites hosting the Blackhole exploit toolkit, which has been recently updated to include the Java exploit. And, with the nature of the toolkit, a user would only need to visit the malicious Web site to have the malware downloaded and installed -- no user action is needed.

A Microsoft product manager that goes by the user name "Karla L" provided in a Microsoft forum  some tips on how to check if an e-mail was actually sent by the company:

"If you received an email regarding the Microsoft Services Agreement update and you're reading your email through the Hotmail or Outlook.com web UI, the legitimate email should have a Green shield that indicates the message is from a Trusted Sender. If the email does not have a Green shield, you can mark the email as a Phishing scam.  Do not click through the links in the email if you are not sure it is safe."

A handful of security software firms have also added the malicious e-mail into its database. Symantec Endpoint Protection has labeled this phishing scam as "Trojan.Maljava!Gen23."

Oracle released an update last week for the zero-day flaw that can allow attackers to modify the level of privileges on a targeted machine. However, according to an earlier survey conducted by security firm Rapid7, only 38 percent of Java users update to the latest version six months after release. That means the vast majority of the Web-based plugin users are currently at risk.

To update to the latest version of Java (version 7, update 7), click here.

 

About the Author

Chris Paoli is the site producer for Redmondmag.com and MCPmag.com.

Featured

  • Microsoft Hires Movial To Build Android OS for Microsoft Devices

    Microsoft has hired the Romanian operations of software engineering and design services company Movial to develop an Android-based operating system solution for the Microsoft Devices business segment.

  • Microsoft Ending Workflows for SharePoint 2010 Online Next Month

    Microsoft on Monday gave notice that it will be ending support this year for the "workflows" component of SharePoint 2010 Online, as well as deprecating that component for SharePoint 2013 Online.

  • Why Windows Phone Is Dead, But Not Completely Gone

    Don't call it a comeback (because that's not likely). But as Brien explains, there are three ways that today's smartphone market leaves the door open for Microsoft to bring Windows back to smartphones.

  • Feature Update Deferral Mix-Up in Windows 10 Version 2004 Further Explained

    Microsoft last week described the confusion it is attempting to avoid by removing the client graphical user interface (GUI)-based controls to defer Windows 10 feature updates, starting with version 2004.

comments powered by Disqus

Office 365 Watch

Sign up for our newsletter.

Terms and Privacy Policy consent

I agree to this site's Privacy Policy.