Websense researchers recently came across more than 200,000 fake AT&T billing e-mails that link to a site hosting the Blackhole exploit kit. "As a result, malware is downloaded onto the computer that is currently not detected by most antivirus products," writes Websense security researcher Tamas Rudnai.
"Once the victim's machine has been compromised, the malware injects itself into some running processes and then contacts a remote server that's part of a botnet," writes Threatpost's Dennis Fisher. "Rudnai said in his analysis that the malware used in the attack looks like it's a variant of the Zeus family. There are a slew of Zeus versions out there, including some custom variants, and most of them are recognized by antimalware systems. But this one is only caught by about 25 percent of the products used by Virus Total, meaning it could be new."
"As far as phishing campaigns go, these are pretty high-quality," writes PCMag.com's Sara Yin. "Unlike most error-filled fraudulent emails, these use legit-looking logos, art, wording, and are free of spelling or grammar mistakes. The biggest tell-tale sign is a bill amount of several hundred U.S. dollars, though sometimes a crazy sum can alarm a user enough to keep clicking for more infomration. Another is that the email addresses you as 'Dear Customer' or 'Dear Valued Customer' rather than your name."
"As with all email scams, the advice is to be wary of clicking any links contained within the email," writes Computer Business Review's Steve Evans. "Copy and pasting the link into your browser will reveal the true web address you are being redirected to -- if it is not the service you were expecting, don't access the site."