New Trojan malware cocktail targets Microsoft Outlook Web Access users

Hackers using Exploit.HTML.Agent.AM, Trojan.SWF.Dropper.E, Trojan.Spy.ZBot.EKF, Exploit.PDF-JS.Gen

Users of Microsoft Outlook Web Access have been warned of a new malware threat which includes the Trojan.SWF.Dropper.E.

According to BitDefender, an unsolicited message directs users to apply a new set of settings to their mailboxes to update several ‘security upgrades’ that have been applied.

The link in the e-mail leads to a legitimate-looking page which instructs users to download and launch an executable file that claims to update their e-mail settings.

“Instead, they receive a potent malware cocktail, including Trojan.SWF.Dropper.E, a generic detection name for a family of Trojans sharing similar behaviour,” an alert from the company reads.

“They are Flash files, which usually do not display any relevant images/animations, but drop and execute various malware files (by exploiting Adobe Shockwave Flash vulnerability). The dropped files may be subject to change and different variants can drop and execute different malware programs.”

According to the company the same of Microsoft Outlook Web Access attack also includes the Trojan.Spy.ZBot.EKF which injects code into several processes and adds exceptions to the Microsoft Windows Firewall, providing backdoor and server capabilities.

Exploit.HTML.Agent.AM is also present and uses flash-object vulnerabilities that allow arbitrary code execution by loading a specially crafted flash object into a Web page.

Exploit.PDF-JS.Gen, a generic detection for specially crafted PDF files which exploit different vulnerabilities found in Adobe PDF Reader's Javascript engine, allows hackers to execute malicious code on user's computer, BitDefender says.

Join the newsletter!

Error: Please check your email address.

Tags securityhackersexploits and vulnerabilities

More about Adobe SystemsBitDefenderMicrosoft

Show Comments