Threat Management, Malware, Phishing, Vulnerability Management

Phishing emails spoof WebEx invites, abuse Cisco open redirect

That WebEx meeting invite you just received may actually be a phishing email that spreads the WarZone remote access trojan by abusing a Cisco open redirect.

An open redirect is an app or website vulnerability -- caused by improper authentication of URLs -- that allows attackers to introduce their own URLs that route users or visitors to a malicious website. Researcher Alex Lanstein discovered the campaign last week and on Nov. 6 issued a tweet explaining how the scam works.

"Pretty slick webex phish/spoof... leverages what appears to be a redirect service on Cisco's page to redirect to the malware (called webex.exe)" wrote Lanstein, whose tweeted was previously spotted and reported by BleepingComputer's Lawrence Abrams.

Victims of this scam receive a convincing-looking meeting invitation, replete with a meeting number, password and time. There is also a "Join Meeting" button, just as there would be had they received a genuine invitation.

Normally, users who click this button are routed to a site and subsequently prompted to download the official WebEx client. But by abusing the Cisco open redirect, the attackers instead send victims to a site that downloads WarZone as a malicious payload, disguised as a webex.exe executable.

According to BleepingComputer, WarZone can download and execute software, execute commands, take over webcams, delete files, enable Remote Desktop Services and VNS for remote access, log keystrokes and steal Firefox and Chrome passwords.

Bradley Barth

As director of multimedia content strategy at CyberRisk Alliance, Bradley Barth develops content for online conferences, webcasts, podcasts video/multimedia projects — often serving as moderator or host. For nearly six years, he wrote and reported for SC Media as deputy editor and, before that, senior reporter. He was previously a program executive with the tech-focused PR firm Voxus. Past journalistic experience includes stints as business editor at Executive Technology, a staff writer at New York Sportscene and a freelance journalist covering travel and entertainment. In his spare time, Bradley also writes screenplays.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.