Hackers are distributing rogue email notifications about changes in Microsoft's Services Agreement to trick people into visiting malicious pages that use a recently circulated Java exploit
to infect their computers with malware.
"We're receiving multiple reports of a phishing campaign using the template from a legitimate Microsoft email regarding Important Changes to Microsoft Services Agreement and Communication Preferences," Russ McRee, security incident handler at the SANS Internet Storm Center, said Saturday in a blog post
The rogue email messages are copies of legitimate notifications that Microsoft sent out to users to announce changes to the company's Services Agreement
that will take effect Oct. 19.