Spear Phishing E-mails Swindle Microsoft Outlook

Red Condor, an e-mail filtering firm, has been trying to block a surge in spear phishing or targeted scam e-mails presenting bogus alerts from Microsoft Outlook.

The e-mail campaign asks recipients to add some fresh configurations to their e-mail boxes. This is because the security of their mailing facility has been recently upgraded, claims the phishing e-mail.

Moreover, the e-mail provides a web-link designed to lead users to a website resembling a Web Access page of Microsoft Office Outlook. The page, which flashes the official logos of Microsoft Office and Microsoft, directs users to download and install a file apparently, containing new configurations for their e-mail account. But the file actually is an executable containing Trojan Zbot.

Dr. Tom Steding, President and CEO of Red Condor, states that the spear phishing scam is unique because it contains extremely personalized details and aims at numerous domains. It sends uniquely tailored e-mails for each domain separately, as reported by Help Net Security on January 8, 2010.

According to Steding, spear phishing scams normally aim at a single domain or organization. However, this attack deviates from the norm since the number of targets is very high. The attack demonstrates accurately how phishing fraudsters renovate their techniques to defeat conventional security systems, and how important it is to have a sophisticated, real-time solution for e-mail security, the president adds.

Emphasizing on Steding's statement, Brien Voorhees, Researcher at Red Condor, said that the attack had also struck thousands of the company's client domains, as reported by USA TODAY on January 8, 2010. Voorhees explained that the attack made no discrimination. Along with his personal domain, it targeted the personal domains of a lot of Red Condor's other employees.

Voorhees further added that the company had observed a huge rise in the total amount of phishing scams as well as botnet activity during 2009. Banking trojans also proliferated during the period. Moreover, an analysis of such attacks shows how a lot of them concentrated on exploiting the way modern people casually use the Internet and e-mail, the researcher notes.

Related article: Spyware Detection Programs Track Advertisers’ Cookies

» SPAMfighter News - 1/19/2010