We are monitoring new malicious attacks that look similar to the fake "Microsoft Outlook reconfigure" spam campaign messages we have been observing for the last couple of months. That malicious campaign was followed by attacks on social networking sites, transforming from malicious code attacks into URL-based phishing attacks. These new attacks have similar traits, such as the spoofed “From” headers, which aggressively target and baffle enterprise users, and a subject line that is intended to cause panic (for obvious reasons—have a look at the example image below).
As seen in the message above, the mail attachment is a zipped file named “utility.zip” that extracts an executable detected as Trojan.Dropper by Symantec antivirus. Using...
Symantec recently reported a malicious spam campaign against Facebook, which is now accompanied by a phishing attack. These messages look like an official Facebook invite or password reset confirmation mail.
If we place the cursor over the update button in the message, we can actually see the phishing URL in the status bar. If a user clicks on the “Update” button, he or she is redirected to a Facebook look-alike phishing site. Here, users are asked to enter a password to complete the update procedure. Unfortunately, the user’s password will be stolen if they try to log in on this page.
These attacks can be identified by the subject lines listed below:
Facebook account update
New login system
Facebook Update tool
