Microsoft Phishing Messages Come From Kaspersky Email Address
Kaspersky published two advisories on Monday to warn customers about a vulnerability that can lead to unbootable systems and a phishing campaign involving messages sent from a Kaspersky email address.
The vulnerability, reported to the cybersecurity firm by researcher Abdelhamid Naceri through Trend Micro’s Zero Day Initiative (ZDI), affects the Windows versions of Kaspersky Anti-Virus, Internet Security, Total Security, Small Office Security, Security Cloud, and Endpoint Security products.
The issue, tracked as CVE-2021-35053, is related to Firefox and it can be exploited for denial-of-service (DoS) attacks.
“Possible system denial of service in case of arbitrary changing Firefox browser parameters. An attacker could change specific Firefox browser parameters file in a certain way and then reboot the system to make the system unbootable,” Kaspersky explained in an advisory.
The company has released patches for each of the impacted products. ZDI has yet to publish an advisory describing this vulnerability, but it’s worth noting that the firm is preparing three advisories for vulnerabilities discovered by Naceri in Kaspersky products in August.
Phishing messages sent from Kaspersky email address
Kaspersky warned on Monday that a recent spear-phishing campaign targeting Office 365 credentials involved emails apparently sent by the company. The phishing emails inform recipients about a new fax and they are designed to lure users to websites set up to phish Microsoft credentials.
“These phishing attempts rely on a phishing kit we named ‘Iamtheboss’ used in conjunction with another phishing kit known as ‘MIRCBOOT’,” Kaspersky explained. “The activity may be associated with multiple cybercriminals.”
Some of these emails come from the address “noreply(at)sm.kaspersky.com.” An investigation revealed that the emails were sent using Amazon’s Simple Email Service (SES) and a legitimate SES token that was issued to a third-party during the testing of Kaspersky’s 2050.earth website, which is hosted by Amazon. The site is “about the future as seen through the eyes of futurologists, scientists, and Internet users from all corners of the globe.”
“Upon discovery of these phishing attacks, the SES token was immediately revoked. No server compromise, unauthorized database access or any other malicious activity was found at 2050.earth and associated services,” Kaspersky said.
Related: Kaspersky Password Manager Generated Passwords That Could Quickly Be Brute-Forced
Related: Vulnerabilities Disclosed in Kaspersky, Trend Micro Products
Related: Kaspersky: Exploits for MS Office Flaws Most Popular in Q1 2021