Fake e-mails claim the program needs re-configuring

Jun 4, 2009 07:38 GMT

Security researchers warn of a new phishing campaign that aims to steal e-mail accounts from Outlook users. Recipients are falsely told that their e-mail client needs to be re-configured online, on a fake page under the control of the attackers. A related malware distribution attack has also been reported.

The offending e-mails, with a subject of "Microsoft Outlook Notification," come from a spoofed address and their content reads "You have (1) New Message from Outlook Microsoft. Please re-configure your Microsoft Outlook again. Click on the link below." The included link points to a phishing page with a fake form asking for details such as the POP3 or IMAP server, the SMTP server, the account name and the password.

"Interestingly, the domain hosting the bogus webpage was also used earlier this week in a more traditional banking phishing campaign, targeting the Commonwealth Bank of Australia," notes Graham Cluley, senior technology consultant at antivirus vendor Sophos.

Speaking of the same attack, Sarah Calaunan, fraud analyst at Trend Micro, explains that "Unlike micro-blogging, social networking, or even banking accounts, a user name and password is not enough to take full control of an email account. Mail server information is also necessary, which explains the need for them in the phishing page."

Another Sophos security researcher, Savio Lau, documents a spin-off of this phishing campaign, which attempts to infect users with scareware. The malicious e-mails used in this malware distribution attack are almost identical to the phishing ones, except that they instruct users to "Download attached setup file and install" instead.

The attachment is a Zip archive file called "micr__outlook_update_6556.zip" and contains the installer for a rogue security application, which Sophos detects as Mal/FakeVirPk-A. "Judging from the detection name, the zip file likely includes a program associated with the Fake Antivirus packages that have been causing headaches for some time," concludes Mr. Lau.

Images: Outlook-themed phishing e-mail; Outlook-themed phishing page; Outlook-themed malware distribution e-mail