Websense Reports New Microsoft Outlook Web Access-Based Malware Scam IT News Online Staff 2009-10-15
Websense Inc. announced yesterday that the Websense Security Labs ThreatSeeker Network has discovered a new wave of malicious attacks claiming to be an update for Microsoft Outlook Web Access (OWA).
Victims receive a message leading to a site to apply mailbox settings which were supposedly changed due to a "security upgrade".
Websense said the especially dangerous thing about these messages is that they are very deceiving. The messages and attack pages are personalized for the To: email address to imply the message is being sent from tech support of the domain.
The URL in the email looks like it leads to the company's own OWA system. Websense said it has seen upwards of 30,000 of these messages per hour and they have low AV detection.
The malicious site is also very believable. The victim's domain is used as a sub-domain to the site so that the attack site appears to be the victim's actual OWA site. The victim's domain name and email address are also used in a number of locations on the malicious site to make it that much more believable.
Websense said Websense Messaging and Websense Web Security customers are protected against this attack.
