Malicious E-mails Supposedly by BDO Stoy Hayward Exploit Java Vulnerability

Security researchers from Sophos the security company have detected spam mails that serve one fresh Java exploit to Internet-users and pose as messages from BDO Stoy Hayward an accountancy firm in The Netherlands that has branches elsewhere too.

Written in Dutch language, the malicious electronic mail in English translates to "Attention! VAT rate increase per 1 October 2012," as the caption, while its text addresses the recipient as Madam/Sir. The e-mail begins by drawing the attention of the recipient to the large turnover tax that has been raised to 21% from 19% by the time 1st October 2012 arrives. A tax called Value Added Tax (VAT) is determined via the performance conducted at a particular moment such as during provision of services and goods alternatively sale date. However, the current e-mail provides valuable suggestions for rectifying the raised VAT for suitable implementation within the user's organization, the e-mail tells.

The e-mail then explains that entrepreneurs who would apply VAT will find increased sales alternatively nil extra cost. But for buyers, it means an increase in prices. Also, if the VAT is incorrectly used it can lead to more tax, so it's important to remain wary of the changes. If the reader has any questions or wants to know more then he may go to a given 'Ministry of Finance' prepared web-page, the e-mail concludes.

Unfortunately, the web-link instead of leading onto any government site presents a misleading script, which installs one applet Sophos' researchers detected as Exp/20124681-A. The said exploit enables in manipulating certain Java zero-day security flaw currently known to be notorious.

And though the described spam mail targets solely Internauts of Holland, probabilities are that likewise e-mail scams may target other global users too.

Moreover, the malware may also arrive via phony Facebook notifications or e-mails announcing a prize for the recipient.

Thus Sophos' researchers advise Internet-users to deactivate their Web-browser's Java plug-in soon.

Worryingly, in April 2012, whilst Poland-based vulnerability and security research firm Security Explorations reported the flaw, Oracle became wary but it hasn't yet fixed the bug; consequently, cyber-criminals are repeatedly exploiting the said flaw through malevolent schemes.

Related article: Malicious JavaScript Strikes Getting Smarter

» SPAMfighter News - 9/7/2012