Unusually high bill demand tricks users into installing malware on their machines
Security firm Websense is warning AT&T customers to be on their guard after it detected a huge phishing campaign masquerading as a billing email.
The scam is said to have targeted 200,000 customers with the email demanding outstanding payment of hundreds of dollars. Security experts at Websense said a bill that high could trick many users into clicking the link.
Those who do click the link will be redirected to a compromised web server, which in turn redirects the user’s browser to a blackhole exploit kit. Malware is then installed on the user’s machine.
Worryingly the malware is not being picked up by most antivirus products, meaning many users will be at risk of their machine being infected. According to Websense, the malware "drops files into the Application Data and Temp folders, and then injects code into other processes running on the computer, for example Internet Explorer and Adobe Reader." After that it connects with a botnet to receive instructions on what to do next.
As with all email scams, the advice is to be wary of clicking any links contained within the email. Copy and pasting the link into your browser will reveal the true web address you are being redirected to – if it is not the service you were expecting, don’t access the site.
The malware is thought to belong to the Zeus family of malware, which has infected around 13 million computers worldwide, and stolen banking information. Earlier this year Microsoft announced it led a group of companies in the takedown of botnets pushing the Zeus malware. Servers in Scranton, Pennsylvania and Lombard, Illinois were targeted.