Fake Microsoft E-mails Lead to Malware
The spam e-mails mimic legitimate messages from the company notifying users of changes to the Microsoft Services Agreement.
"We're receiving multiple reports of a phishing campaign using the template from a legitimate Microsoft email regarding Important Changes to Microsoft Services Agreement and Communication Preferences," writes the ISC's Russ McRee. "The legitimate version of this email is specific to a services agreement seen here, per a change to Microsoft services as of 27 Aug. The evil version of this email will subject victim to a hyperlink that will send them to a Blackhole-compromised website, which will in turn deliver a fresh Zeus variant."
"Blackhole is a tool used by cybercriminals to launch Web-based attacks that exploit vulnerabilities in browser plug-ins like Java, Adobe Reader or Flash Player, in order to install malware on the computers of users who visit compromised or malicious websites," writes Computerworld's Lucian Constantin. "This type of attack is known as a drive-by download and is very effective because it requires no user interaction to achieve its goal."
"Among the vulnerabilities exploited on these compromised sites is ... the CVE-2012-4681 Java zero-day vulnerability, which has finally been patched," writes Help Net Security's Zeljka Zorz. "Unfortunately many users are lousy at keeping their software updated, and given that the exploit for the flaw has recently been added to the Blackhole exploit kit, you can be pretty sure that the vulnerability will be taken advantage of for a long, long time."