Outline
Message purporting to be from telecommunications company AT&T claims that a new voicemail could not be delivered to the recipient. The email includes an attached file that supposedly contains the voicemail.
Brief Analysis
The message is not from AT&T and the attached file does not contain a missed voicemail. Instead, the attachment harbours a malicious .exe file hidden within a .zip file. Opening the .exe file can install malware on the user’s computer.
Example
Manage myAT&T Account
Voicemail Message
You have received a voicemail at 2013-19-12 35:31:25 CST.
You are receiving this message because we were unable to deliver it, voice message did not go through because the voicemail was unavailable at that moment.
* The reference number for this message is qvfl_cjl09-9107319601-2125579909-62.
The length of transmission was 24 seconds.
The receiving machine’s ID: YJH35-TW410-F37JZL.
Thank you,
AT&T Online Services
Contact Us
AT&T Support – quick & easy support is available 24/7.
Receiving ID:
YJH35-TW410-F37JZL
From Number(s):
459-330-7200
Detailed Analysis
According to this email, which claims to be from telecommunications giant AT&T, the recipient has a new voicemail. The message advises that the voicemail could not be delivered. The message includes an attached .zip file that supposedly contains a copy of the lost voicemail.
However, the message is not from AT&T and the attached file does not contain an undelivered voicemail as claimed. In fact, hidden inside the attached .zip file there is a malicious .exe file.
If opened, the .exe file can install malware on the user’s computer. Typically, such malware can harvest sensitive personal information from the infected computer and relay it to servers operated by online criminals. It may also allow the criminals to control the compromised computer from afar and download and install even more malware.
This attack is similar to another malware distribution that claims that WhatsApp users have a new voicemail waiting. Clicking the “Play” button in the bogus email will open a malicious website that harbours malware.
AT&T customers have also been targeted a number of times in the past via both phishing and malware emails.
Brett Christensen