The latest Java Vulnerability attacks use Microsoft notifications as bait

Source: Internet
Author: User
Tags microsoft website

Security Organization SANS Internet Storm Center (ISC) received an email from Microsoft titled "Important Notice of Changes to Microsoft Services" (Important Changes to Microsoft Services, hackers disguise themselves as online phishing emails and stream them to the Internet. If users accidentally click in, they will be taken to malicious websites that use Java Vulnerabilities for attacks. The ISC also calls the user to be careful with the source URL before clicking the email URL, and it is best to temporarily disable the Java feature.

The website to which the spoofed email points contains a Blackhole attack tool, which intrude the Java Vulnerability in the user's computer through a trojan attack, and implant the Zeus malicious program variant. Security researchers pointed out that Zeus will steal information about user accounts, but its detection rate is very low and is not easily discovered by virus detection tools.

A formal Microsoft notification email announcing several changes to Microsoft services since January 1, October 19, issued by Karla L personnel. Emails are intended to notify users that Microsoft's online services include Hotmail, SkyDrive, Bing, MSN, Office.com, Windows Live Messenger, Windows Photo Gallery, Windows Movie Maker, windows Mail Desktop and Windows Writer will be subject to user security verification methods.

Karla L responded on the Microsoft website, saying that if a user sends a message at Hotmail.com or Outlook.com, the email will see a green shield pattern, showing that the source is a trusted organization.

Due to the recent vulnerabilities in Java 7 that may cause zero-time-difference attacks, the attack program against one of these vulnerabilities is spread through Blackhole, so the Blackhole tools commonly used by hackers are highly noticed. Although Oracle has urgently issued security patches by the end of August, it said that there are still new vulnerabilities after Java 7 updates.

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.