US-CERT is aware of public reports indicating that attackers are using legitimate web pages to run malicious code on victims’ machines.
Reports, including a posting by Sophos, indicate that these messages
- Include keywords and names related to the 9/11/2001 terrorist…
Read more at: US-CERT Current Activity
US-CERT is aware of public reports indicating that attackers are using legitimate web pages to run malicious code on victims’ machines.
Reports, including a posting by Sophos, indicate that these messages
- Include keywords and names related to the 9/11/2001 terrorist attack
- Prompt users with a fake virus scan that attempts to make users believe they have a security issue. The users are then asked to download fake security software that is actually malicious code.
Please note that these characteristics may change at any time.
US-CERT encourages users and administrators to take the following preventative measures to help mitigate the security risks:
- Install anti-virus software, and keep its virus signature file up to date
- Refer to the Avoiding Social Engineering and Phishing Attacks document for more information on social engineering attacks
Read more at: US-CERT Current Activity