Outlook Web Access users within enterprise organisations are being targeted by a sophisticated phishing attack aimed at getting users to download a Trojan designed to steal financial and account information.
"It started yesterday, with more than 50 customers of ours receiving this email and we've been targeted ourselves," says Mickey Boodaei, CEO of security firm Trusteer.
The email-based attack is customised to fool employees in each enterprise it's sent to, with the "from" address appearing to come from within the enterprise, asking the recipient on behalf of the systems administrator to modify their email settings for Outlook Webmail as a result of an upgrade.
Though the link appears to be to the enterprise Outlook Web Access site, it's actually a website in Chile, Columbia, Romania or Russia that's craftily trying to get the victim to download a file that's the dangerous Zeus/Zbot Trojan, says Boodaei.
The Zeus Trojan is well-known—it's part of the fake IRS website email scam sweeping into mailboxes at present.
Using an isolated computer, Trusteer downloaded the Zeus Trojan to see how it would work in the case of these phishing messages and found the attack involves keeping track of what everyone who receives it might do.
"It even sends a follow-up email that says "you didn't complete the process,'" Boodaei notes.
Trusteer points out that warding off this type of attack against employees entails educating them about phishing and blocking download of executable and zip files from the web.