Fake American Express Alerts
Right now we are seeing fake American Express account alerts. The alerts look very real, and will trick the user into clicking on a link that may lead to malware. As many of these attacks, the exact destination will heavily depend on the browser used.
Antivirus does recognize the intermediate scripts as malicious and should warn the user if configured to inspect web content.
(click on image for full size)
------
Johannes B. Ullrich, Ph.D.
Keywords: americanexpress amex
5 comment(s)
My next class:
| Application Security: Securing Web Apps, APIs, and Microservices | Washington | Dec 13th - Dec 18th 2024 |
×
![modal content]()
Diary Archives
Comments
links go to cracked sites. simple html file calls 3 javascript files hosted at more cracked sites.
those js scripts just redirect to a 3rd site, that does user agent detection at least and can send you an obfuscated js html response, try to run a java applet and maybe redirect to yet another site.
the "moneygram payment notification" malware series followed up the same thing with a fake Adobe flash player download for a zbot trojan.
http://techhelplist.com/index.php/spam-list/292-payment-notification-email-fake-moneygram-with-malware
Anonymous
Aug 2nd 2013
1 decade ago
Anonymous
Aug 2nd 2013
1 decade ago
Anonymous
Aug 2nd 2013
1 decade ago
Anonymous
Aug 2nd 2013
1 decade ago
The links we saw within the email all pointed to a number of Italy domains (.it). Searching on Pastebin (http://pastebin.com/TJc6wwjN), I found a post listing the sites as being compromised back in June.
Anonymous
Aug 2nd 2013
1 decade ago