alik_05
09-26-2005, 06:25 PM
Spoof email tricks AOL users - [Computer Security]
An email scam is targeting AOL customers in an attempt to steal personal details, according to web monitoring company Websense.
Users receive a spoofed email purporting to come from the security department at AOL claiming that the company suffered a security breach over the weekend and that confidential information may have been compromised.
The email also requests users to connect to a website to download and install a new 'security patch', which will 'protect their information'. The spoofed message reads:
'Failure to download this security patch in the next 48 hours will result in the temporary suspension of your America Online account. At this point we will send you a Security Patch CD in the mail. Upon installing it, your account will be reactivated.'
When users click on the link, they are redirected to a website hosted in Scotland which downloads a piece of malicious code, named patch.scr, written in Visual Basic and using Yoda Crypt.
When the file is run, a wizard opens to guide users through the disclosure of their confidential account and billing information, including their account limit. Once this information is obtained, it is sent in a text file via FTP to an account at a hosting facility.
Ross Paul, product marketing manager at Websense, said: "This is a blended threat that we haven't seen before. It combines the threat of a security breach with a link to a download that masquerades as a patch but in fact requests sensitive user information.
"The kind of questions it asks should alert you to the fraud because your provider already has those details."
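The chain described in the article (a .scr file fetched over the web, then a text file sent out over FTP from the same machine) can be looked for in proxy or firewall logs. The sketch below is an added example, not part of the original post or the article; the log format, hosts, file names and the 30-minute window are all constructed assumptions.

```python
"""Correlate a .scr download with a later FTP upload from the same host."""
from datetime import datetime, timedelta

# Constructed sample events: time, internal host, protocol, verb, object
SAMPLE_LOG = """\
2005-09-26T09:00:05 10.0.0.21 http GET http://updates.example/patch.scr
2005-09-26T09:04:40 10.0.0.21 ftp STOR info.txt
2005-09-26T09:10:00 10.0.0.35 http GET http://intranet.example/report.pdf
2005-09-26T09:12:00 10.0.0.35 ftp STOR backup.zip
2005-09-26T10:00:00 10.0.0.50 http GET http://files.example/Saver.SCR?id=7
2005-09-26T13:30:00 10.0.0.50 ftp STOR notes.txt
"""

RISKY_EXTENSIONS = (".scr",)     # screensaver files are ordinary Windows executables
WINDOW = timedelta(minutes=30)   # assumed correlation window


def parse(log_text):
    """Yield (time, host, protocol, verb, object) for each well-formed line."""
    for line in log_text.splitlines():
        parts = line.split(maxsplit=4)
        if len(parts) != 5:
            continue  # skip blank or malformed lines
        ts, host, proto, verb, obj = parts
        yield datetime.fromisoformat(ts), host, proto.lower(), verb.upper(), obj


def is_risky_download(proto, verb, url):
    """True for an HTTP GET whose path (query string ignored) ends in a risky extension."""
    path = url.split("?", 1)[0].split("#", 1)[0].lower()
    return proto == "http" and verb == "GET" and path.endswith(RISKY_EXTENSIONS)


def correlate(log_text, window=WINDOW):
    """Return (host, download_url, uploaded_file) where an FTP upload follows a risky download."""
    last_download = {}  # host -> (time, url) of the most recent risky download
    alerts = []
    for ts, host, proto, verb, obj in sorted(parse(log_text)):
        if is_risky_download(proto, verb, obj):
            last_download[host] = (ts, obj)
        elif proto == "ftp" and verb == "STOR" and host in last_download:
            seen, url = last_download[host]
            if ts - seen <= window:
                alerts.append((host, url, obj))
    return alerts


if __name__ == "__main__":
    for host, url, uploaded in correlate(SAMPLE_LOG):
        print(f"ALERT {host}: downloaded {url}, then uploaded {uploaded} over FTP")
```

Only the first host is flagged: the second downloaded a PDF, and the third uploaded over FTP long after the window closed.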