Hot on the heels of the Patch Tuesday announcements yesterday (see blog
or links to vulnerability assessment pages
), came the announcement
of a new zero-day in Internet Explorer (CVE-2010-0806
Whilst checking through some URLs supposedly serving up malicious code to exploit this vulnerability, I noticed a link to some spam runs from earlier in the week. On March 8th SophosLabs saw spam messages attempting to trick the recipient into visiting rogue web pages. Messages used at least two social engineering tricks to lure victims into clicking the malicious link.
- the tried and tested “delivery failed, please confirm address details” messages
- request for details confirmation for insurance quote