bit-tech.net

Websense warns over OWA attack

Websense is warning users that sophisticated e-mails targeting Outlook Web Access users are doing the rounds.

Computer security firm Websense has warned of a major attack which is currently underway against Outlook Web Access portals, designed to worm its way into corporate networks.

The attack is described over in a Computeractive report as taking the form of a phishing-style e-mail - currently being filtered by Websense in quantities of 30,000 per day - which claims to alert users that "because of the security upgrade of the mailing service, your mailbox settings were changed."

The payload is delivered via a link which encourages users to "apply the new set of settings"; clicking it installs a malware package making the computer a part of the Zbot botnet - and allowing the attacker full control over the system so infected.

While phishing e-mails - even ones with a Trojan payload such as this - are not uncommon, Websense claims that it is the level of sophistication - plus its clear targeting of corporations through its pretense of being an Outlook Web Access message - which makes this particular example stand out. Claiming to have seen "customisation like this before, but it is not very common", Websense has stated that "as the angle is Outlook Web Access, a corporate/enterprise system, it is very likely that the targets are primarily corporations."

The most likely explanation for the virulent attack is, as always, greed: the Trojan used is often utilised by ne'er-do-wells in order to retrieve banking details - with Websense stating that this latest attack is the continuation of "a rise in banking Trojans targeting corporations because, not only do those accounts have more money in them, they can typically also do international wire transfers directly from the online banking system."

So far, the only true defense against this sort of attack is user education - ensuring that users are trained not to click on suspicious links or attachments, and making sure that official communications of this nature are carried out offline rather than online.

Do you believe that this represents a worrying new trend, or do most corporations have enough security in place to protect them against this sort of attack? Share your thoughts over in the forums.

2 Comments

SlickGnome 19th October 2009, 15:49
I actually run Websense filtering (unfortunately) at work and we have been getting pounded by this for almost a week now. Have seen about 5-6 major variants all with the same install.zip attachment.
Bursar 19th October 2009, 18:25
I must get about a dozen of these a day in my personal email as well.