Zeus Phishing Scam Attacks Outlook Web Access Consumers

According to researchers at Trusteer an Internet security company on October 14, 2009, a newly launched worldwide spam is targeting web-mail consumers of Microsoft's Outlook Web Access. SC Magazine published this in news on October 15, 2009.

Reportedly, the attack involves crafty e-mails for duping employees of several organizations to which they are sent, with the messages spoofing the administrators of the organizations and directing the recipients that they must reconfigure their e-mail accounts on Outlook Web Access (OWA).

Actually, OWA is commonly utilized in organizations, which use the Outlook e-mail service of Microsoft, as it facilitates users in operating personal e-mail through other computers or from home that clearly are not linked to the organizations' computer networks.

Meanwhile describing how the attack works, the security researchers said that if e-mail recipients click on a given link, they land on a genuinely appearing Outlook Web Access site that prompts them to take down online the modified configurations that in reality represent Trojan Zeus, also referred to as Trojan Zbot.

Subsequently as the Trojan gets installed, it immediately enters the Web browser where it keeps track of all traffic. Thereafter, Zeus captures login credentials for accessing websites of sensitive nature and also modifies the web-pages appearing inside the browser, while directing the user to furnish more sensitive data that it transmits to the remote hackers.

Also, says Amit Klein CTO of Trusteer that apart from stealing login credentials, the Zeus is as well tailor made to carry out a "man-in-the-browser" assault that substitutes the online banking page with an imposter copy where the fraudsters manipulate anything they wish. SC Magazine reported this on October 15, 2009.

Furthermore, although it appears that the web-links are to the organizations' OWA sites, the latter are really on servers located in several countries, including Latin America and Europe.

Eventually, according to the security specialists, while e-mail users are aware of how to stay clear of ordinary scams, which purport to be from PayPal or eBay, in the current instance, the e-mails which appear as being sent from a technical assistant team aren't that easy to decipher.

Related article: Zeus Trojan Stole Huge Amount of Information

» SPAMfighter News - 10/29/2009