Fake Microsoft agreement is being sent out with malicious payload

Updated services agreement allows Microsoft to integrate content across cloud properties | The Verge:
http://www.theverge.com/2012/9/2/3285455/microsoft-updates-services-agreement-privacy-class-action-waiver

The EXACT same wording, with the exact same look, is also being sent out as a malicious document.


ISC Diary | Blackhole targeting Java vulnerability via fake Microsoft Services Agreement email phish:
https://isc.sans.edu/diary/Blackhole+targeting+Java+vulnerability+via+fake+Microsoft+Services+Agreement+email+phish/14020


BE CAREFUL OUT THERE!!


 

3 Thoughts on “Fake Microsoft agreement is being sent out with malicious payload”

  1. While disabling JAVA will prevent this exploit, Oracle has released a security update that presumably prevents this exploit:

    http://www.oracle.com/technetwork/topics/security/alert-cve-2012-4681-1835715.html

  2. There’s actually a new unpatched Java issue out. I wouldn’t depend on a patch this time.

  3. Bradly is correct…

    While the Oracle patch released last Thursday was supposed to address the CVE-2012-4681 stated vulnerability, it did not. The same and/or similar vulnerability still exists in the JAVA program, based on the ISC Diary posting here:

    https://isc.sans.edu/diary/Not+so+fast+Java+7+Update+7+critical+vulnerability+discovered+in+less+than+24+hours/14017
