Phony AT&T E-mails Notifying of Wireless Bills Serve Exploit

Researchers at Commtouch recently intercepted bulk spam mails that masquerading as wireless bills from AT&T entitled "Your wireless bill is ready to view" actually targeted innocent Internauts, published softpedia.com on April 5, 2012.

Describing huge payment dues, of almost $1,000, the fake electronic mails directed recipients to make access to 'myAT&T' via logging in, peruse their bills followed with making the disbursements of the charges. Alternatively, the recipients were asked to register immediately for continuing their accounts online. The message body then suggested readers to use their wireless telephones for dialing Pay (*729) at zero cost towards verifying their balances alternatively furnishing their payments. As for Smart-phone owners they could take down the free software from the Net for account management, the message concluded.

But, if any user follows the embedded web-links, he'll be led onto some other site that's actually compromised as also contains concealed malware, each time.

Precisely, hitting on the corrupt web-links, takes the user onto a hijacked authorized site rather than AT&T's site. This hijacked site has an exploit hidden which tries to break into the user's computer bypassing its security mechanisms. Commtouch detected the exploit as being either related to Windows Help Center or Adobe Acrobat and Reader.

Moreover, all the corrupt web-links connect with an index.html page on an authentic website, with these prefixed with arbitrary characters like 6D9UsT0U, ZyfyoPoh, or CrdtoUx7. The web-links don't take onto actual AT&T sites, hence, the e-mail notifications can be instantly recognized as malevolent.

Meanwhile, recipients who aren't certain about the genuineness of the e-mail reaching them must brush the mouse on top of the web-links. If the web-links show the AT&T URL then the associated e-mails are real. Moreover, genuine e-mails will have an identical URL (e.g. the 'att.com' URL) in all the places mentioned in the messages whereas fake e-mails will show different URLs in different places.

Conclusively, security specialists suggest users that when they receive an e-mail which seemingly an organization sent with which they've business relations, and particularly if that e-mail appears as talking about a troublesome issue, then they must directly visit that organization's website.

Related article: PM’s Official Web Site Targeted By Hackers

» SPAMfighter News - 4/14/2012