Scam Alert: AT&T Message Delivering Malware

PRESS RELEASE

Large outbreaks of phony AT&T wireless emails have been distributed in the last two days. The emails describe very large balances ($943 in the example below), that are sure to get aggravated customers clicking on the included links.

Every link in the email leads to a different compromised site with malware hidden inside. In the example below this means nine (!) different URLS – most emails with links to email limit themselves to one or two links.

The links all follow a similar pattern as shown below:

· http://angelicascakes.com/mem-Jj4e/index.html

· http://decoragyn.com.br/mem-Jj4e/index.html

· http://www.databytez.com/Zyfyo-oh/index.html

· http://www.ncusinagem.com.br/Zyfyo-oh/index.html

The pattern is: // The index.html file tries to exploit at least the following known vulnerabilities: · Libtiff integer overflow in Adobe Reader and Acrobat CVE-2010-0188 · Help Center URL Validation Vulnerability CVE-2010-1885 Recipients who are unsure whether the email they have received is genuine or not (the malicious version is a very accurate copy) should mouse-over the links. Genuine emails from AT&T will include AT&T website links. For example the "att.com" link will be the same in both places that it appears in the email – unlike the malicious version which uses two very different URLs. Email Text: Dear Customer, Your monthly wireless bill for your account is now available online. Total Balance Due: $943.01 Log in to myAT&T to view your bill and make a payment. Or register now to manage your account online. By dialing *PAY (*729) from your wireless phone, you can check your balance or make a payment - it's free. Smartphone users: download the free app to manage your account anywhere, anytime. Thank you, AT&T Online Services