Members
  • Total Members: 14176
  • Latest: toxxxa
Stats
  • Total Posts: 42869
  • Total Topics: 16078
  • Online Today: 3565
  • Online Ever: 51419
  • (01. January 2010., 10:27:49)









Author Topic: Fake Outlook Web Access update sets malware trap (Zbot Trojan, )  (Read 2771 times)

0 Members and 1 Guest are viewing this topic.

Samker

  • SCF Administrator
  • *****
  • Posts: 7528
  • KARMA: 322
  • Gender: Male
  • Whatever doesn't kill us makes us stronger.
    • SCforum.info - Samker's Computer Forum


The fake Outlook Web Access site includes references to the potential victim's own email address and domain, according to Websense.


Analysts at Websense Security Labs have detected a wave of attacks directed at people who use Microsoft's Outlook Web Access.

The web security company said on Wednesday that it has seen upwards of 30,000 emails an hour directing users of the web-based email software to click on a link to update their mailbox settings as part of a 'security upgrade'. In fact, the link takes them to a site that contains malware.

According to Websense, the emails are convincing because they are personalised to include the victim's email address. In addition, the malicious website is spoofed to include the targeted domain name, and the URL on the emails looks like it should lead to the user's particular Outlook Web Access site.

"The victim's domain name and email address are also used in a number of locations on the malicious site to make it that much more believable," Websense said in its security advisory.

The malicious site installs the Zbot Trojan on the computer, Websense's security research manager Patrick Runald said.

Graham Cluley, senior technology consultant at Sophos, said on Friday that the security company had also detected a spate of malicious emails aimed at Outlook Web Access users. "In the last few days, there appears to have been a very active campaign," he said.

(ZDnet)

Samker's Computer Forum - SCforum.info


SecurityNewbie

  • SCF Newbie
  • *
  • Posts: 2
  • KARMA: 1
Re: Fake Outlook Web Access update sets malware trap (Zbot Trojan, )
« Reply #1 on: 20. October 2009., 08:53:09 »
Aren't these rolled out anyway by system administrators? Plus it appears to be quite obvious ...

Samker

  • SCF Administrator
  • *****
  • Posts: 7528
  • KARMA: 322
  • Gender: Male
  • Whatever doesn't kill us makes us stronger.
    • SCforum.info - Samker's Computer Forum
Re: Fake Outlook Web Access update sets malware trap (Zbot Trojan, )
« Reply #2 on: 20. October 2009., 14:00:39 »
Trick is in this part:

Quote
URL on the emails looks like it should lead to the user's particular Outlook Web Access site.

for example, they mask Link on this way "office.microsoft.com/en-us/outlook/xyxcdfdkldr.com"

and somebody notice this but somebody make mistake and result is infection.


Samker's Computer Forum - SCforum.info

Re: Fake Outlook Web Access update sets malware trap (Zbot Trojan, )
« Reply #2 on: 20. October 2009., 14:00:39 »

 

With Quick-Reply you can write a post when viewing a topic without loading a new page. You can still use bulletin board code and smileys as you would in a normal post.

Name: Email:
Verification:
Type the letters shown in the picture
Listen to the letters / Request another image
Type the letters shown in the picture:
Second Anti-Bot trap, type or simply copy-paste below (only the red letters):www.scforum.info:

Enter your email address to receive daily email with 'SCforum.info - Samker's Computer Forum' newest content:

Terms of Use | Privacy Policy | Advertising