A massive phishing campaign masquerading as billing information from the telecom giant has been targeting its customers in the last few days:
The email shows the recipient owing several hundred US dollars, and this might spur some of them to follow the offered link before checking whether the target Web address seems legitimate.
Unfortunately for them, the landing page is one that has nothing to do with AT&T. Instead it is a compromised page hosting the Blackhole exploit kit, which – if successful in exploiting a vulnerability in the visitors’ computer – serves malware that is currently detected by only a third of the antivirus products used by VirusTotal.
According to Websense, the malware belongs to the Zeus banking Trojan family.