Websense has warned that a major attack has been detected against Microsoft's Outlook Web Access service.
The internet monitoring firm said that it is seeing around 30,000 emails a day which urge users to visit a web site and download a security update file, which in fact contains malware.
The email message reads: 'We are informing you that, because of the security upgrade of the mailing service, your mailbox settings were changed. In order to apply the new set of settings click on the following link.'
What makes the attack unusual is a high level of personalisation. The page that loads when the recipient clicks on the link is very convincing because it uses the victim's email address and domain name.
"We have seen customisation like this before, but it is not very common. As the angle is Outlook Web Access, a corporate/enterprise system, it is very likely that the targets are primarily corporations," said Websense.
"Websense Security Labs has seen a rise in banking Trojans targeting corporations because, not only do those accounts have more money in them, they can typically also do international wire transfers directly from the online banking system."
The malware makes the PC part of the Zbot botnet and allows full remote control by the botnet controller.
And, yep, it'll run Android rather than RiscOS
US engineering giant's cost-cutting outsourcing plan is on the rocks, according to insiders
HP Envy X2 laptop only affordable if you've got loadsamoney
Counterfeit code-signing certificates enabling hackers to hide malware being sold by cyber criminals
Certificates can be used as part of layered obfuscation to evade detection by anti-virus software