Advertisement
Promo

Security threats Toolkit

Fake Outlook Web Access update sets malware trap

Carly Newman ZDNet UK

Published: 16 Oct 2009 17:02 BST

  • Email
  • Trackback
  • Clip Link
  • Print friendly
  • Post Comment

Analysts at Websense Security Labs have detected a wave of attacks directed at people who use Microsoft's Outlook Web Access.

The web security company said on Wednesday that it has seen upwards of 30,000 emails an hour directing users of the web-based email software to click on a link to update their mailbox settings as part of a 'security upgrade'. In fact, the link takes them to a site that contains malware.

According to Websense, the emails are convincing because they are personalised to include the victim's email address. In addition, the malicious website is spoofed to include the targeted domain name, and the URL on the emails looks like it should lead to the user's particular Outlook Web Access site.

"The victim's domain name and email address are also used in a number of locations on the malicious site to make it that much more believable," Websense said in its security advisory.

The malicious site installs the Zbot Trojan on the computer, Websense's security research manager Patrick Runald said.

Graham Cluley, senior technology consultant at Sophos, said on Friday that the security company had also detected a spate of malicious emails aimed at Outlook Web Access users. "In the last few days, there appears to have been a very active campaign," he said.

Spoof Outlook
 
The fake Outlook Web Access site includes references to the potential victim's own email address and domain, according to Websense
 

  • Email
  • Trackback
  • Clip Link
  • Print friendlyPrint with EPSON

Did you find this article useful?
13 out of 15 people found this useful


In association with Network Liberation Movement

Talkback

Post a comment


Full Talkback thread

1 comment

  1. They is a need for... CA

Related Links

More In Security threats


Company/Topic Alerts

Create a new alert from the list below:











Related BlackBerry Resources

Protecting the BlackBerry Device Platform Against Malware

BlackBerry Devices with Bluetooth - Security Overview

BlackBerry Enterprise Server IT Policy

BlackBerry Enterprise Solution - Security Technical Overview

BlackBerry Enterprise Solution and RSA SecurID

CIO's Guide to Mobile Security

See All White Papers

Video icon

Video

Sentry Posts Blog

Climate research centre compromised

One of the UK's leading climate change research centres has had a security breach. The Climate Research Unit at the University of East Anglia (UEA) suffered a compromise of information,... More

1 comment

Government web-monitoring plans on hol...

Government plans to compel ISPs to process and store details of all web communications have been put on hold until after the next election. The Home Office told ZDNet UK on Wednesday... More

1 comment

Watchdog reveals illegal sale of phone...

The Information Commissioner's Office is preparing a prosecution file against a mobile operator's employees who allegedly sold on thousands of customers' details to a competitor. The... More

1 comment


Skip Sub Navigation Links to CNET Brand Links

Help

Become part of the ZDNet community.

ALL TOOLKITS

Blogs

Newsletters