Hackers create bogus Microsoft Services Agreement email to exploit users
Installs malware based on an exploit in Oracle's Java software
HACKERS are using a recent Microsoft email notification regarding changes in its Services Agreement to trick people into installing malicious programs based on an exploit in Oracle's Java software.
The SANS Institute's Internet Storm Centre issued warnings about the rogue emails at the weekend, saying that they are based on a 27 August communication from Microsoft about popular products such as Hotmail and Skydrive.
"We're receiving multiple reports of a phishing campaign using the template from a legitimate Microsoft email regarding Important Changes to Microsoft Services Agreement and Communication Preferences," SANS Internet Storm Centre security incident handler Russ McRee said in a blog post.
"The evil version of this email will subject [the] victim to a hyperlink that will send them to a Blackhole-compromised website, which will in turn deliver a fresh Zeus variant."
McRee said that this type of attack is effective because it requires no user interaction to achieve its goal.
Security firm Sophos said in a blog post that the attacks have prompted "renewed calls for internet users to disable Java on their systems" as they await an update from Oracle to fix the Java vulnerabilities.
Microsoft acknowledged the malware when responding to a user question regarding the fake email, and advised users not click on any links.
"If you received an email regarding the Microsoft Services Agreement update and you're reading your email through the Hotmail or Outlook.com web UI, the legitimate email should have a Green shield that indicates the message is from a Trusted Sender," Microsoft representative Karla L said on the firm's Answers website.
"If the email does not have a Green shield, you can mark the email as a Phishing scam. Do not click through the links in the email if you are not sure it is safe."