Phishers use a legitimate email from Microsoft to exploit the vulnerability in Java
If you click on the link in the message, spammers send out falls victim to a page with an exploit, which establishes a system of Trojan Zeus.
The site Internet Storm Center (ISC) at SANS Institute, a notification appears on the current spam campaigns using the template of the messages from Microsoft, in which attackers use recent vulnerability in Java.
Operators ISC received a large number of reports on spam messages, which the authors are trying to convince the victim that she write to Microsoft about the changes in the provision of services to users of different services and products such as Hotmail and Skydrive.
In a sent message contains a link to a specially preformed web-page that exploits a vulnerability CVE-2012-4681 and set on a compromised system one of the modifications of the banking Trojan Zeus. Recall that this vulnerability was eliminated last week, and before that, according to FireEye, it was used in the implementation of targeted attacks. According to the Polish company Security Explorations, Oracle has recognized the existence of this vulnerability in April of this year.
Original taken by hackers as a basis of the letter was sent to Microsoft on August 27 with the theme “Important Changes to Microsoft Services Agreement and Communication Preferences”. This message contains a hyperlink “http://email.microsoft.com/Key-9850301.C.DLs15.C.KK.DlNkNK”, which leads to a page service agreement from American corporations.
To protect themselves from such phishing attacks, users are advised to check the correctness of the displayed links, and insert it into the browser manually.
Symantec Endpoint Protection is detecting this as Trojan.Maljava!Gen23
Notify ISC can be found here.