Fake MS email phish delivers Zeus via Java vuln.

Last Updated: - "Thanks to Susan Bradley for reporting this to ISC. We're receiving multiple reports of a phishing campaign using the template from a legitimate Microsoft email regarding Important Changes to Microsoft Services Agreement and Communication Preferences. The legitimate version of this email is specific to a services agreement seen here*, per a change to Microsoft services as of 27 AUG. The evil version of this email will subject victim to a hyperlink that will send them to a Blackhole-compromised website, which will in turn deliver a fresh Zeus variant.

(evil) email including the following header snippet:

The legitimate email will include a hyperlink for, which points to the above mentioned services agreement. The phishing mail will instead include a hyperlink to the likes of allseasons****.us, radiothat****.com, and likely a plethora of others. (Obfuscated to protect the innocent):

I assessed radiothat****.com and was redirected to 209.x.y.14 which is running the very latest Blackhole evil as described on 28 AUG by Websense in this post**. Source code review of the web page served included

The VirusTotal link for Leh.jar is here(3), and the VirusTotal link for the Zeus variant offered is here(4).

Contemplate disabling Java(5) until the -next- update(6) is released."

served content that resulted in malicious software being downloaded and installed without user consent. The last time Google tested a site on this network was on, and the last time suspicious content was found was on.

If you want to test whether you’ve successfully disabled Java, check out Rapid7's page.