Fake Outlook Web Access update sets malware trap

Websense Security Labs has detected a new wave of attack emails aimed at fooling users of Microsoft's Outlook Web Access into clicking through to a malicious website
Written by Carly Newman, Contributor

Analysts at Websense Security Labs have detected a wave of attacks directed at people who use Microsoft's Outlook Web Access.

The web security company said on Wednesday that it has seen upwards of 30,000 emails an hour directing users of the web-based email software to click on a link to update their mailbox settings as part of a 'security upgrade'. In fact, the link takes them to a site that contains malware.

According to Websense, the emails are convincing because they are personalised to include the victim's email address. In addition, the malicious website is spoofed to include the targeted domain name, and the URL on the emails looks like it should lead to the user's particular Outlook Web Access site.

"The victim's domain name and email address are also used in a number of locations on the malicious site to make it that much more believable," Websense said in its security advisory.

The malicious site installs the Zbot Trojan on the computer, Websense's security research manager Patrick Runald said.

Graham Cluley, senior technology consultant at Sophos, said on Friday that the security company had also detected a spate of malicious emails aimed at Outlook Web Access users. "In the last few days, there appears to have been a very active campaign," he said.

Spoof Outlook

The fake Outlook Web Access site includes references to the potential victim's own email address and domain, according to Websense
Editorial standards