August 6, 2012

Fake AT&T bill scam mails lead to Blackhole exploit malware

A massive phishing campaign is targeting AT&T customers. More than 200,000 fake emails are masquerading as billing information from the giant American communication services provider. Each message claims that there is a bill of a few hundred US dollars.

As far as phishing campaigns go, these are pretty high-quality. Unlike most error-filled fraudulent emails, these use legit-looking logos, art, and wording, and are free of spelling or grammar mistakes.

Scammers are pushing out malware by trying to trick users into thinking their AT&T bill is ready. Usually carrying the subject "Your AT&T bill is ready to be viewed", the spam claims you owe the telecom hundreds of dollars, but really you're just at risk of getting your computer infected by the Blackhole exploit kit. Clicking on the link in the bogus message sends the user to a compromised Web server that redirects the browser to a Blackhole exploit kit. As a result, malware that is currently not detected by most antivirus products is downloaded onto the computer.

The malware is thought to belong to the Zeus family of malware, which has infected around 13 million computers worldwide and stolen banking information. Earlier this year Microsoft announced it led a group of companies in the takedown of botnets pushing the Zeus malware. Servers in Scranton, Pennsylvania and Lombard, Illinois were targeted.

Worryingly, the malware is not being picked up by most antivirus products, meaning many users will be at risk of their machines being infected. AT&T customers are advised to be on the lookout for such emails. They look legitimate, but the links they carry hide all sorts of websites designed to serve malware.
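A mail-filter triage check for the lure described above, as an added example that is not from the original article: it matches the subject line quoted in the article and flags web links whose host is not under an AT&T domain. The `att.com` allow-list, the function names and the sample message (with `example.net` / `example.org` placeholder hosts) are assumptions constructed for illustration.

```python
from email import message_from_string
from email.policy import default
from html.parser import HTMLParser
from urllib.parse import urlsplit

LURE_SUBJECT = "your at&t bill is ready to be viewed"  # subject quoted in the article
TRUSTED_SUFFIXES = ("att.com",)  # assumption: domains a genuine bill notice links to

# Constructed sample message; hosts are placeholders, not indicators from the campaign.
SAMPLE = """\
From: "AT&T Online Services" <billing@example.net>
To: user@example.com
Subject: Your AT&T bill is ready to be viewed
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<html><body>
<p>Your bill is ready. <a href="http://billing.example.net/att/index.html">View bill</a></p>
<p><a href="http://att.com.example.org/pay">att.com/pay</a> |
<a href="https://www.att.com/">AT&amp;T home</a></p>
</body></html>
"""

class LinkCollector(HTMLParser):
    """Collects the href of every <a> tag in an HTML body."""
    def __init__(self):
        super().__init__()
        self.links = []
    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href") if tag == "a" else None
        if href:
            self.links.append(href)

def is_trusted(host):
    # Exact match or true subdomain only, so "att.com.example.org" does not pass.
    host = (host or "").lower().rstrip(".")
    return any(host == s or host.endswith("." + s) for s in TRUSTED_SUFFIXES)

def triage(raw_message):
    msg = message_from_string(raw_message, policy=default)
    lure = LURE_SUBJECT in (msg["Subject"] or "").strip().lower()
    body = msg.get_body(preferencelist=("html",))
    collector = LinkCollector()
    if body is not None:
        collector.feed(body.get_content())
    web = [u for u in collector.links if urlsplit(u).scheme in ("http", "https")]
    suspicious = [u for u in web if not is_trusted(urlsplit(u).hostname)]
    # Quarantine only when the known lure subject and an off-domain link coincide.
    return {"lure_subject": lure, "suspicious_links": suspicious,
            "quarantine": lure and bool(suspicious)}
```

The suffix check compares whole DNS labels, which is why the lookalike host that merely begins with `att.com` is still flagged.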