
Security Alert: Onslaught of fake Microsoft patch spam


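Spam disguised as a critical Microsoft update has been spotted recently, another example of social engineering. When you click the link in the message, it connects to what looks like a legitimate shopping site and also takes you to a malicious site. The URL of the malicious site usually contains update.microsoft.com, but its real domain name belongs to a different domain. I often receive a message disguised as Google mail that is meant to trick you out of your Google account. Its original text is as follows: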

Dear Google AdWords Customer, We were unable to process your payment. Your ads will be suspended soon unless we can process your payment. To prevent your ads from being suspended, please update your payment information. Please sign in to your account at http ://adwords.google.com/select/login, and update your payment information.

--------------------------------------------------------------------------------------------
This message was sent from a notification-only email address that does not accept incoming email. Please do not reply to this message.
--------------------------------------------------------------------------------------------
2008 Google Adwords

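Look closely at the link above: although it is displayed as pointing to http://adwords.google.com/select/login, it actually points to http://www.adwords.google.com.XXXX.cn/select/Login. The page looks exactly like the Google sign-in page. It is a typical phishing site, and if you do not pay attention to the URL it is easy to be fooled. Attacks of this kind are very common on the Internet today. The original text of the Websense Security Alert follows: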

Websense® Security Labs™ ThreatSeeker™ Network has discovered a substantial number of spam messages utilizing a reliable social engineering trick that lures users to download a Microsoft critical security update. The message uses an open redirect at the legitimate shopping site shopping.***.com; the redirect forwards users to a malicious URL offering to download a malicious executable. The malicious hostname is a lengthy one embedding 62 characters, and uses the sub-domain update.microsoft.com. Users who open this file will have their desktop infected with a Backdoor.

Here is what the redirect looks like inside the spam messages:

hXXp://shopping.***.com/go.nhn?url=hXXp%3A%2F%2Fupdate%2Emicrosoft%2Ecom%2E%2Enet

An interesting trait of this particular attack is that the malicious top level domain is pointing to the government site of the United States Secret Service - The Electronic Crimes Tasks Forces Web site in an apparent attempt to work around IP reputation-based systems. We have detected email lures containing links to this site spreading rapidly through our Websense Hosted Email Security and Websense Email Security products.

It is important to add that Microsoft never sends security update notifications through emails. Websense Messaging and Websense Web Security customers are protected against this attack.
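An added example, not part of the original post or the Websense alert: a Python check that compares the hostname a link displays with the one it really targets, and flags a trusted name that appears only as leading labels of another domain or inside a redirect parameter. The `TRUSTED` list, the function names and the `shop.example` / `placeholder.example` URL are assumptions made for this example.

```python
from urllib.parse import urlsplit, parse_qsl

# Assumption for this example: brands whose links a reader expects to see.
TRUSTED = ("google.com", "microsoft.com")

def host_of(url):
    """Lower-cased hostname of an http(s) URL, else None (e.g. plain link text)."""
    parts = urlsplit(url.strip())
    if parts.scheme not in ("http", "https"):
        return None
    return (parts.hostname or "").rstrip(".") or None

def classify(host):
    """'trusted' = the domain or a real subdomain; 'lookalike' = the brand
    appears only as leading labels of some other registered domain."""
    if any(host == d or host.endswith("." + d) for d in TRUSTED):
        return "trusted"
    if any("." + d + "." in "." + host + "." for d in TRUSTED):
        return "lookalike"
    return "other"

def nested_urls(url):
    """URLs carried in query parameters, percent-decoded (open-redirect targets)."""
    return [v for _, v in parse_qsl(urlsplit(url).query) if host_of(v)]

def check_link(displayed, actual):
    """Findings for one link: displayed text versus where it really leads."""
    findings = []
    shown, real = host_of(displayed), host_of(actual)
    if shown and real and shown != real:
        findings.append(f"text shows {shown} but link goes to {real}")
    for target in nested_urls(actual):
        findings.append(f"redirect parameter points to {host_of(target)}")
    for url in [actual] + nested_urls(actual):
        host = host_of(url)
        if host and classify(host) == "lookalike":
            findings.append(f"lookalike host {host}")
    return findings

# The AdWords link is the one quoted above (XXXX is the page's own redaction).
# The redirect URL is constructed for this example with placeholder domains.
ADWORDS = ("http://adwords.google.com/select/login",
           "http://www.adwords.google.com.XXXX.cn/select/Login")
REDIRECT = ("Microsoft critical update", "http://shop.example/go?url="
            "http%3A%2F%2Fupdate%2Emicrosoft%2Ecom%2Eplaceholder%2Eexample%2Fpatch")

if __name__ == "__main__":
    for shown, actual in (ADWORDS, REDIRECT):
        print(actual, *check_link(shown, actual), sep="\n  ")
```

The suffix comparison is the point: a hostname is trusted only when it ends in the trusted domain on a label boundary, so `notgoogle.com` and `google.com.XXXX.cn` both fail it.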