![]() "įake ‘Amazon order’ email exploits recent Java vuln. If you want to test whether you’ve successfully disabled Java, check out Rapid7's page. The last time Google tested a site on this network was on, and the last time suspicious content was found was on. served content that resulted in malicious software being downloaded and installed without user consent. ![]() The VirusTotal link for Leh.jar is here(3), and the VirusTotal link for the Zeus variant offered is here(4).Ĭontemplate disabling Java(5) until the -next- update(6) is released." Source code review of the web page served included I assessed radiothat****.com and was redirected to 209.x.y.14 which is running the very latest Blackhole evil as described on 28 AUG by Websense in this post**. (Obfuscated to protect the innocent): The phishing mail will instead include a hyperlink to the likes of allseasons****.us, radiothat****.com, and likely a plethora of others. The legitimate email will include a hyperlink for, which points to the above mentioned services agreement. (evil) email including the following header snippet: ![]() The evil version of this email will subject victim to a hyperlink that will send them to a Blackhole-compromised website, which will in turn deliver a fresh Zeus variant. The legitimate version of this email is specific to a services agreement seen here*, per a change to Microsoft services as of 27 AUG. We're receiving multiple reports of a phishing campaign using the template from a legitimate Microsoft email regarding Important Changes to Microsoft Services Agreement and Communication Preferences. Last Updated: - "Thanks to Susan Bradley for reporting this to ISC. Fake MS email phish delivers Zeus via Java vuln.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |