Scam Alert: AT&T Message Delivering Malware

Large outbreaks of phony AT&T wireless emails have been distributed in the past two days

April 5, 2012



Large outbreaks of phony AT&T wireless emails have been distributed in the last two days. The emails describe very large balances ($943 in the example below) that are sure to get aggravated customers clicking on the included links.

Every link in the email leads to a different compromised site with malware hidden inside. In the example below this means nine (!) different URLs – most emails with links limit themselves to one or two.

The links all follow a similar pattern as shown below:





The pattern is: //

The index.html file tries to exploit at least the following known vulnerabilities:

· Libtiff integer overflow in Adobe Reader and Acrobat CVE-2010-0188
· Help Center URL Validation Vulnerability CVE-2010-1885

Recipients who are unsure whether the email they have received is genuine or not (the malicious version is a very accurate copy) should mouse-over the links. Genuine emails from AT&T will include AT&T website links. For example the "" link will be the same in both places that it appears in the email – unlike the malicious version which uses two very different URLs.

Email Text:

Dear Customer,

Your monthly wireless bill for your account is now available online.

Total Balance Due: $943.01

Log in to myAT&T to view your bill and make a payment. Or register now to manage your account online.

By dialing *PAY (*729) from your wireless phone, you can check your balance or make a payment - it's free.

Smartphone users: download the free app to manage your account anywhere, anytime.

Thank you,
AT&T Online Services
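The mouse-over check described above can also be run mechanically over a message's HTML body. The following Python code is an added example, not part of the original article: it assumes genuine links use the att.com domain, and the sample body and its .example hosts are constructed placeholders. It reports how many distinct hosts the links point to, which hosts fall outside the expected domain, and which link texts appear more than once with different URLs.

```python
from collections import defaultdict
from html.parser import HTMLParser
from urllib.parse import urlsplit

EXPECTED_DOMAIN = "att.com"  # assumption: the domain genuine links should use

class LinkCollector(HTMLParser):
    """Collect (visible text, href) for every <a> element in an HTML body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            text = " ".join("".join(self._text).split()).lower()
            self.links.append((text, self._href))
            self._href = None

def on_domain(host, domain=EXPECTED_DOMAIN):
    # Exact match or a true subdomain; "att.com.site-c.example" must not pass.
    return host == domain or host.endswith("." + domain)

def audit_links(html):
    parser = LinkCollector()
    parser.feed(html)
    urls_by_text = defaultdict(set)
    for text, href in parser.links:
        urls_by_text[text].add(href)
    hosts = {(urlsplit(h).hostname or "").lower() for _, h in parser.links} - {""}
    return {
        "distinct_hosts": len(hosts),
        "off_domain": sorted(h for h in hosts if not on_domain(h)),
        "same_text_different_url": sorted(t for t, u in urls_by_text.items() if len(u) > 1),
    }

# Constructed sample body (reserved .example hosts), not the real message.
SAMPLE = """<p>Log in to <a href="http://site-a.example/">myAT&amp;T</a> to view your bill.
Or <a href="http://site-b.example/">register now</a>.</p>
<p><a href="http://att.com.site-c.example/">myAT&amp;T</a></p>"""

if __name__ == "__main__":
    print(audit_links(SAMPLE))
```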
