Hackers Sending Rogue 'Microsoft Services Agreement' Emails Exploiting Java Vulnerability
Cyber criminals are distributing mass on the internet while sending rogue email notifications about changes in Microsoft's Services Agreement to trick people into visiting malicious pages that use a recently circulated Java exploit to infect their computers with malware. Oracle left a security flaw in one of the world’s most widely used programs unpatched for four months and then issues a half-baked fix, the company is practically inviting cyber criminals to exploit its users en mass. And as expected the invitation has been accepted.
The rogue email messages are copies of legitimate notifications that Microsoft sent out to users to announce changes to the company's Services Agreement that will take effect Oct. 19. "This email is a legitimate announcement regarding updates to the
Microsoft Services Agreement and Communication Preferences," a Microsoft
program manager for supporting mail technologies who identifies herself
as Karla L, said on the Microsoft Answers website in response to a user inquiring about the authenticity of the email message.
However,
she later acknowledged the existence of reports about malicious emails
that use the same template. "If you received an email regarding the
Microsoft Services Agreement update and you're reading your email
through Hotmail or Outlook.com, the legitimate email should have a Green
shield that indicates the message is from a Trusted Sender," she said.
"If the email does not have a Green shield, you can mark the email as a
Phishing scam."
However,
in the malicious versions of the emails, the correct links have been
replaced with links to compromised websites that host attack pages from
the Blackhole exploit toolkit. Blackhole is a tool used by
cybercriminals to launch Web-based attacks that exploit vulnerabilities
in browser plug-ins like Java, Adobe Reader or Flash Player, in order to
install malware on the computers of users who visit compromised or
malicious websites.
This type of attack is known as a drive-by
download and is very effective because it requires no user interaction
to achieve its goal. The malicious Java applet used in this attack is detected by only eight
of the 42 anitivirus engines available on the VirusTotal file scanning
service. The Zeus variant has a similarly low detection rate.
"We're receiving multiple reports of a phishing campaign using the
template from a legitimate Microsoft email regarding Important Changes
to Microsoft Services Agreement and Communication Preferences," Russ
McRee, security incident handler at the SANS Internet Storm Center, said
Saturday in a blog post.
-Source (Info World)
LINK TO OUR HOME PAGE :
Voice Of GREYHAT is a non-profit Organization propagating news specifically related with Cyber security threats, Hacking threads and issues from all over the spectrum. The news provided by us on this site is gathered from various Re-Sources. if any person have some FAQ's in their mind they can Contact Us. Also you can read our Privacy Policy for more info.
Thank You !
-Team VOGH
If you enjoyed VOGH News, Articles Then Do Make sure you to Subscribe Our RSS feed. Stay Tuned with VOGH and get Updated about Cyber Security News, Hacking Threads and Lots More. All our Articles and Updates will directly be sent to Your Inbox. Thank You!
-Team VOGH
Categories:
0-day
,
cyber-criminal
,
Hacker
,
Java
,
Microsoft
,
security-news
,
vulnerablity