Establishing Digital Trust: Don't Sacrifice Security for Convenience
AppRiver researchers are warning of a new spam campaign which delivers an e-mail claiming that the recipient has requested a link to reset their Dropbox password, and that their old password "is now marked as 'dangerous'" (h/t Threatpost).
If the recipient of the e-mail clicks on the "Reset Password" link, they're redirected to a page that tells them their browser is out of date and needs to be updated.
Clicking on any link on the browser update page will download a malicious file, ieupdate.exe, which is a variant of the Zeus Trojan.
"As always, take extreme caution when you get any password or banking emails out of the blue," writes AppRiver's Jonathan French. "Always check where they may lead you and what information it may be asking."