Major attack targets Microsoft Outlook Web Access

By on
Major attack targets Microsoft Outlook Web Access

Websense has warned that a major attack has been detected against Microsoft's Outlook Web Access service.

The internet monitoring firm said that it is seeing around 30,000 emails a day which urge users to visit a web site and download a security update file, which in fact contains malware.

The email message reads: 'We are informing you that, because of the security upgrade of the mailing service, your mailbox settings were changed. In order to apply the new set of settings click on the following link.'

What makes the attack unusual is a high level of personalisation. The page that loads when the recipient clicks on the link is very convincing because it uses the victim's email address and domain name.

"We have seen customisation like this before, but it is not very common. As the angle is Outlook Web Access, a corporate/enterprise system, it is very likely that the targets are primarily corporations," said Websense.

"Websense Security Labs has seen a rise in banking Trojans targeting corporations because, not only do those accounts have more money in them, they can typically also do international wire transfers directly from the online banking system."

The malware makes the PC part of the Zbot botnet and allows full remote control by the botnet controller.

Got a news tip for our journalists? Share it with us anonymously here.
Copyright ©v3.co.uk
Tags:
access attack banking outlook security software web

Partner Content

Secure, integrated platforms enable MSPs to focus bringing powerful solutions to customers
Secure, integrated platforms enable MSPs to focus bringing powerful solutions to customers
Channel can help lead customers to boosting workplace wellbeing with professional headsets
Channel can help lead customers to boosting workplace wellbeing with professional headsets
Tech For Good program gives purpose and strong business outcomes
Tech For Good program gives purpose and strong business outcomes
Build cybersecurity capability with award winning Fortinet training from Ingram Micro
Build cybersecurity capability with award winning Fortinet training from Ingram Micro
Kaseya Dattocon APAC 2024 is Back
Kaseya Dattocon APAC 2024 is Back

Sponsored Whitepapers

F5’s 2025 Report: Unlocking AI Success by Conquering App & API Complexity
F5’s 2025 Report: Unlocking AI Success by Conquering App & API Complexity
Driving Innovation and Sustainability through Hybrid IT and AI Solutions
Driving Innovation and Sustainability through Hybrid IT and AI Solutions
Easing the burden of Microsoft CSP management
Easing the burden of Microsoft CSP management
Stop Fraud Before It Starts: A Must-Read Guide for Safer Customer Communications
Stop Fraud Before It Starts: A Must-Read Guide for Safer Customer Communications
The Cybersecurity Playbook for Partners in Asia Pacific and Japan
The Cybersecurity Playbook for Partners in Asia Pacific and Japan

Events

techpartner.news Channel Leader List / Golf day
techpartner.news Channel Leader List / Golf day
techpartner.news Pipeline Conference 2025
techpartner.news Pipeline Conference 2025
Integrate Expo 2025
Integrate Expo 2025
Security Exhibition & Conference 2025
Security Exhibition & Conference 2025
techpartner.news Benchmark Security Awards 2025
techpartner.news Benchmark Security Awards 2025

Most read articles

NEXTGEN "realigns" structure

NEXTGEN "realigns" structure
Ingram Micro "grateful" for customers' support during cybersecurity incident

Ingram Micro "grateful" for customers' support during cybersecurity incident
The Aussie startup building an integration platform for MSPs and SIs

The Aussie startup building an integration platform for MSPs and SIs
Atturra's FY25 revenue to exceed $300m

Atturra's FY25 revenue to exceed $300m

Log in

Email:
Password:
  |  Forgot your password?