Spam Mails Supposedly from Amazon Abuse Java Flaw, Reports Websense
Websense the security company through its ThreatSeeker Network recently identified one fresh spam campaign that posing as messages from Amazon the e-business giant claims to verify a so-called purchase order. The campaign reportedly follows a Java security flaw named CVE-2012-4681 that has been propagating as also been consequently incorporated into the notorious attack toolkit -BlackHole.
Indeed, accomplishment of the said exploit can well let the spammers install more malware onto victims' computers that, say, can result in financial and other personal databases getting exfiltrated.
Early this month (September 1, 2012), Websense caught more than 10,000 spam mails displaying a caption "You Order with Amazon.com" that lured readers to hit on a given web-link for confirming one purchase order that they supposedly made on Amazon.
And just when the end-users' PCs become compromised, the attackers promptly deliver malware of their choice while the victims remain unaware.
Remarking about the current e-mail scam, Websense said that it additionally exemplified the speed as also cleverness with which cyber-criminals designed as well as spread malevolent content alongside methods of social engineering for leveraging both latest application security flaws as also end-users' gullibility. Forbes.com published this dated September 4, 2012.
But, it's possible to lessen the impact of the above malicious assaults. As a result, it's being urged that users deactivate Java if and when feasible. Moreover, they should be vigilant about anything doubtful like the word 'You' in place of 'Your' in the fake e-mail purportedly from Amazon. Over and above, anti-virus software must always be maintained revised to the latest version then even suppose BlackHole succeeds in contaminating a PC, it maybe possible to spot and eliminate the infection. Alongside these, it is further urged that Internet-users review the subject lines in e-mails should the messages seem unauthentic, Websense's security experts state.
Related article: Spam Scam Bags a Scottish Connection
» SPAMfighter News - 11-09-2012