Microsoft Corp. is one of the favourite targets of malware creators because of the ubiquity of the company's software. According to a report carried by ComputerWorld U.S.
, another phishing attack has been issued leveraging Microsoft's name, one that corporate IT managers need to be aware of.
This involves a phony email claiming that changes are being made to the Microsoft Services Agreement
and based on a legitimate email (below) sent out Aug. 27. The phony email sends readers via a hyperlink to a Web site infected with the Blackhole Java
It also suggests IT departments consider disabling Java until the next update is released. That was also recommended last week after a report that the Blackhole tookit now includes a Java exploit.
Experts warn of Java exploit
As for what's in new new (legitimate) agreement, see this report from The Verge
. One change might be viewed as benign. However, note that those who agree also lose their right to go after Microsoft over disputes in class actions. Instead they'll have to go to arbitration.