Spam Mails Supposedly from Amazon Abuse Java Flaw, Reports Websense

Websense, the security company, recently identified through its ThreatSeeker Network a fresh spam campaign that poses as messages from e-business giant Amazon and claims to verify a so-called purchase order. The campaign reportedly follows a Java security flaw, CVE-2012-4681, that has been propagating and has consequently been incorporated into the notorious BlackHole attack toolkit.

Indeed, a successful exploit can let the spammers install more malware onto victims' computers, which can, for example, result in financial and other personal data being exfiltrated.

Early this month (September 1, 2012), Websense caught more than 10,000 spam mails displaying the caption "You Order with Amazon.com" that lured readers to click a given web link to confirm a purchase order they had supposedly made on Amazon.

However, clicking the link actually leads end-users, via several redirects, to a site hosting BlackHole along with obfuscated JavaScript, which tries to determine the name of the web browser and the versions of Java, Adobe Reader and Adobe Flash running on the end-users' machines so that the toolkit can deliver a suitable exploit, explains Websense.

As soon as the end-users' PCs are compromised, the attackers promptly deliver malware of their choice while the victims remain unaware.

Remarking on the current e-mail scam, Websense said it further exemplified the speed and cleverness with which cyber-criminals design and spread malicious content, together with social engineering methods, to leverage both the latest application security flaws and end-users' gullibility. Forbes.com published this on September 4, 2012.

It is possible, however, to lessen the impact of such attacks. Users are urged to deactivate Java if and when feasible. They should also be vigilant about anything doubtful, like the word 'You' in place of 'Your' in the fake e-mail purportedly from Amazon. In addition, anti-virus software must always be kept updated to the latest version, so that even if BlackHole succeeds in infecting a PC, it may be possible to spot and eliminate the infection. It is further urged that Internet users review the subject lines of e-mails should the messages seem inauthentic, Websense's security experts state.
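The subject-line and link review recommended above can be automated at a mail gateway or during triage. The following Python sketch is an added example, not code from Websense or SPAMfighter; it assumes the reported caption is the message's Subject header and that legitimate Amazon mail is sent from, and links to, hosts under amazon.com. The sample message and its hostnames are constructed.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

LURE_SUBJECT = "you order with amazon.com"  # caption reported in the article
BRAND_DOMAIN = "amazon.com"                 # assumption: genuine mail stays under this domain
HREF_RE = re.compile(r'href=["\'](https?://[^"\']+)["\']', re.I)

# Constructed sample message; addresses and hosts are placeholders.
SAMPLE = """\
From: "Amazon.com" <orders@mailer.example.net>
Subject: You Order with Amazon.com
Content-Type: text/html; charset="utf-8"

<html><body><p>Please confirm your purchase order:</p>
<a href="http://redirector.example.invalid/confirm?id=1">View order</a>
<a href="https://www.amazon.com/help">Help</a></body></html>
"""

def under_domain(host, domain):
    """True if host is the domain itself or a subdomain of it."""
    host = (host or "").lower().rstrip(".")
    return host == domain or host.endswith("." + domain)

def triage(raw_message):
    """Return the reasons a message resembles the fake Amazon order mail."""
    msg = message_from_string(raw_message)
    reasons = []
    subject = " ".join((msg.get("Subject") or "").split()).lower()
    if subject == LURE_SUBJECT:
        reasons.append("subject matches reported lure ('You' instead of 'Your')")
    display, addr = parseaddr(msg.get("From", ""))
    claims_brand = "amazon" in display.lower() or "amazon" in subject
    sender_host = addr.rpartition("@")[2]
    if claims_brand and not under_domain(sender_host, BRAND_DOMAIN):
        reasons.append("claims Amazon but sender domain is " + (sender_host or "missing"))
    for part in msg.walk():  # inspect every text part, including HTML alternatives
        if part.get_content_maintype() != "text":
            continue
        payload = part.get_payload(decode=True) or b""
        text = payload.decode(part.get_content_charset() or "utf-8", "replace")
        for url in HREF_RE.findall(text):
            host = urlparse(url).hostname
            if claims_brand and not under_domain(host, BRAND_DOMAIN):
                reasons.append("link leaves amazon.com: " + (host or "?"))
    return reasons
```

For the constructed sample, `triage(SAMPLE)` reports the lure subject, the mismatched sender domain and the one off-domain link, while the link to www.amazon.com is not flagged.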

» SPAMfighter News - 9/11/2012
