Explore the latest news and trends  

Keep yourself up to date with one of the following options:

  • Explore more news around Spam/Phishing, Malware/Cyber-attacks and Antivirus
  • Receive news and special offers from SPAMfighter directly in you inbox.
  • Get free tips and tricks from our blog and improve your security when surfing the net.
Go

Spam Mails Supposedly from Amazon Abuse Java Flaw, Reports Websense

Websense the security company through its ThreatSeeker Network recently identified one fresh spam campaign that posing as messages from Amazon the e-business giant claims to verify a so-called purchase order. The campaign reportedly follows a Java security flaw named CVE-2012-4681 that has been propagating as also been consequently incorporated into the notorious attack toolkit -BlackHole.

Indeed, accomplishment of the said exploit can well let the spammers install more malware onto victims' computers that, say, can result in financial and other personal databases getting exfiltrated.

Early this month (September 1, 2012), Websense caught more than 10,000 spam mails displaying a caption "You Order with Amazon.com" that lured readers to hit on a given web-link for confirming one purchase order that they supposedly made on Amazon.

However, hitting actually leads the end-users -via several diversions- onto a site harboring BlackHole along with a confusing JavaScript, which tries finding out the name of the Web-browser, the versions of Java, Adobe Reader and Adobe Flash, running on the end-users' machines, so the toolkit may deliver a suitable exploit, explains Websense.

And just when the end-users' PCs become compromised, the attackers promptly deliver malware of their choice while the victims remain unaware.

Remarking about the current e-mail scam, Websense said that it additionally exemplified the speed as also cleverness with which cyber-criminals designed as well as spread malevolent content alongside methods of social engineering for leveraging both latest application security flaws as also end-users' gullibility. Forbes.com published this dated September 4, 2012.

But, it's possible to lessen the impact of the above malicious assaults. As a result, it's being urged that users deactivate Java if and when feasible. Moreover, they should be vigilant about anything doubtful like the word 'You' in place of 'Your' in the fake e-mail purportedly from Amazon. Over and above, anti-virus software must always be maintained revised to the latest version then even suppose BlackHole succeeds in contaminating a PC, it maybe possible to spot and eliminate the infection. Alongside these, it is further urged that Internet-users review the subject lines in e-mails should the messages seem unauthentic, Websense's security experts state.

Related article: Spam Scam Bags a Scottish Connection

» SPAMfighter News - 11-09-2012

3 simple steps to update drivers on your Windows PCSlow PC? Optimize your Slow PC with SLOW-PCfighter!Email Cluttered with Spam? Free Spam Filter!

Exchange Anti Spam Filter
Go back to previous page
Next