Websense has detected a massive phishing campaign targeting AT&T customers. More than 200,000 fake emails are masquerading as billing information from the giant American communication services provider. Each message claims that there is a bill of a few hundred US dollars.
Clicking on the link in the bogus message sends the user to a compromised Web server that redirects the browser to a Blackhole exploit kit.
After successfully exploiting a vulnerability on the visitor's computer, the kit serves malware that is currently detected by only a third of the antivirus products used by VirusTotal.
ThreatScope analysis, part of our CSI service, shows that the malware is part of the Cridex family. It drops files into the Application Data and Temp folders, and then injects code into other processes running on the computer, for example Internet Explorer and Adobe Reader. After this, it accesses a bot network where the attacker can instruct the malware to take further actions.