Experts at SophosLabs have discovered that cybercriminals are taking advantage of the critical zero-day vulnerability in Java, sending out malicious emails that pretend to come from an accountancy firm announcing a rise in the tax rate.
Unsuspecting internet users who click on links contained inside the email - perhaps concerned that there has been a rise in the VAT rate - risk instantly infecting their computers.
SophosLabs discovered the email in one of its global network of spamtraps. The email purported to be from the Dutch branch of the accountancy firm BDO Stoy Hayward: [Screenshot]
Of course, the email doesn't really come from the accountancy firm. A closer look reveals that it was sent from a hosting provider in the Netherlands:
Continued: http://nakedsecurity.sophos.com/2012/08/30/zero-day-java-flaw-exploited-tax-email/
Also from Sophos: How to turn off Java on your browser - and why you should do it now