Phishers Email from Microsoft to exploit the vulnerability in Java

Posted: September 4, 2012 in IT Security News
Tags: , ,

PhishingPhishers use a legitimate email from Microsoft to exploit the vulnerability in Java

If you click on the link in the message, spammers send out falls victim to a page with an exploit, which establishes a system of Trojan Zeus.

The site Internet Storm Center (ISC) at SANS Institute, a notification appears on the current spam campaigns using the template of the messages from Microsoft, in which attackers use recent vulnerability in Java.

Operators ISC received a large number of reports on spam messages, which the authors are trying to convince the victim that she write to Microsoft about the changes in the provision of services to users of different services and products such as Hotmail and Skydrive.

In a sent message contains a link to a specially preformed web-page that exploits a vulnerability CVE-2012-4681 and set on a compromised system one of the modifications of the banking Trojan Zeus. Recall that this vulnerability was eliminated last week, and before that, according to FireEye, it was used in the implementation of targeted attacks. According to the Polish company Security Explorations, Oracle has recognized the existence of this vulnerability in April of this year.

Original taken by hackers as a basis of the letter was sent to Microsoft on August 27 with the theme “Important Changes to Microsoft Services Agreement and Communication Preferences”. This message contains a hyperlink http://email.microsoft.com/Key-9850301.C.DLs15.C.KK.DlNkNK”, which leads to a page service agreement from American corporations.

To protect themselves from such phishing attacks, users are advised to check the correctness of the displayed links, and insert it into the browser manually.

Symantec Endpoint Protection is detecting this as Trojan.Maljava!Gen23

Notify ISC can be found here.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s