MANILA, Philippines - Engineers from TrendLabs, the research laboratory of security firm Trend Micro, have discovered the source of a targeted e-mail attack detected in the wild over the last two weeks.
The attack involved e-mail messages sent through Hotmail, where a previously unpatched vulnerability in its content filtering mechanism was exploited through the use of a malicious e-mail message identified as HTML_AGENT.SMJ. This e-mail message pretended to come from the Facebook Security Team.
Targeted users of the attack receive seemingly innocuous e-mail messages that contain an embedded script, which automatically executes when the user opens the e-mail. The embedded script then connects to a specific website, from which another script, JS_AGENT.SMJ, is downloaded.
This last script captures all of the affected users’ e-mails and forwards them to another e-mail address. It continues to forward messages from targeted users to the author of the malware until the user logs out of their webmail.
Microsoft has already updated Hotmail to fix the vulnerability, but not before cybercriminals found a way to take advantage of it.
TrendLabs threat response engineer Karl Dominguez said employees who open their personal Hotmail accounts in their offices risk exposing their corporate data to the attack. Among the information that can be stolen are contacts, other log-in credentials, and confidential corporate messages.
Dominguez stressed that companies must also take steps to ensure that their networks are safe from outside attacks. Cybercriminals are using social engineering to exploit office workers' curiosity and love for social networking sites in order to gain access to more important corporate data.
“Always patch your browsers, applications, and operating systems; update your security software regularly; only access trustworthy websites; disable scripting or limit it to trustworthy sites; use alternative browsers; and always use original software. These are the most important things that should be remembered in our fight against cybercriminals,” Dominguez said.