Phishing email takes advantage of latest Java vulnerability

2012년 9월 5일 (수)

Experts at the SANS Institute's Internet Storm Center warned users of a malicious email targeting Microsoft users' computers with malware. The phishing attempt is disguised as a Microsoft notification claiming changes in the company's Services Agreement for products such as Hotmail and Skydrive

Fake emails look real
The email mimics a legitimate Microsoft communication sent to inform users of changes to the company's agreement that will take place on October 19, according to security expert Russ McRee. The only differences between the emails are the links. The phishing email replaces the links in the original email with websites meant to attack pages using the Blackhole exploit kit. Blackhole was recently updated to include the Java 7 vulnerability, said McRee.

Blackhole refers to the tool that online criminals use to launch attacks in browser plug-ins, like Java, Adobe Reader or Flash Player, and installs malware. Known as a drive-by, this strike can effectively attack computers because it does not require user information.

Microsoft was made aware of the fake email when a user asked a question concerning the "agreement." Microsoft reminded users that if they are looking at the email through Hotmail or Outlook, it will have a green shield to confirm that the email was sent from a trusted service, according to a Microsoft representative.

Oracle Corp recently made headlines when its latest version of Java included a vulnerability that allows hackers to deliver a code to bypass the weak spot. Oracle issued a patch, but it failed to completely fix Java problems. This recent Java vulnerability has doubled the success rate of Blackhole exploits and has compromised thousands of computer systems, according to Seculert.

Take measures against malware
Users should take the necessary security measures to ensure that the malware is not released on their computers. First, users can disable Java on their systems until Oracle issues a solution to the problem. Users should also hover over a link to determine if the domain and the shown link match up. If not, users should avoid clicking it. McRee also suggests looking at the email headers to find clues that indicate whether or not the email is legitimate.

As hackers continue to pose as large companies in spam, computer users should take web security precautions when opening any suspicious emails.

-McAfee Cloud Security