Fake change of email address notice from American Express is Malware
Right now, the first week of April, 2012, there is a spam run hitting our inboxes spoofing American Express, with fake change of email address notices. These messages are convincing, having stolen images from the actual American Express website.
Here is an excerpt from one which I received a couple of minutes ago:
From: "American Express"
Subject: Confirmation of email address change
Thanks for updating your email address
We changed your e-mail address in our files to {spoofed or harvested email account}. If the new e-mail address is not correct or you did not request this change, please click here,..{spoofed link leads to malware}
If you, or someone you know, was unlucky enough to click on one of these links, that PC will have been attacked by a browser exploit kit. You, or they, need to run a full scan for malware with updated definitions in the installed security program. If you have not rebooted the computer since you clicked on the hostile link, run System Restore on your Windows computer to roll it back to a previous time or day.
If you lack any installed computer security, here are some options for you to try:
- Trend Micro security programs (I use this)
- Malwarebytes Anti-Malware (I use this)
About the exploit kits
These attack kits are mostly made in Russia and all target flaws in vulnerable versions of Java, which used to belong to Sun Corp but is now owned by Oracle. Don't confuse Java and JavaScript; they are horses of a different color. JavaScript is interpreted code that runs in your browser to provide special features. Java is a compiled executable program that runs on any device (over 3 billion devices according to Oracle!). While JavaScript is used on hostile websites to probe your browser for any vulnerabilities, the actual payload it delivers is usually a Java Applet, or .JAR file. If you have an exploitable version of Java, chances are strong that your computer will become botted and have a bank account stealing Trojan installed by the hostile Java Applet.
Do I have Java?
You really need to know the answer to this, no matter what operating system your computers run on. This is serious sh_t. Go to Java.com and click on the link labeled "Do I have Java." If you do have Java installed, the version will be displayed on the results page. If it is not the current version, you are exploitable and should either download the latest version and uninstall all previous versions, or just uninstall all versions of Java and be done with it. Fewer and fewer pages demand that you have Java to function. It is most often used in online games. Unless you must use Java, the safest course is to not have any version of it installed at all!
In Windows, you can uninstall Java via your Windows Control Panel, using the Add/Remove or the Programs and Features icon. Mac owners must download the patched version from Apple, using the built-in Apple software updater.
The latest version of Java is Java 6 update 31.
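If you look after more than one PC, the same version check can be scripted. The following is an added example, not part of the original article: it parses the text printed by `java -version` and compares it with the Java 6 update 31 baseline stated above. The host names and sample outputs are constructed for illustration.

```python
import re
import subprocess

# Baseline taken from the article: Java 6 update 31 (Java reports it as 1.6.0_31).
BASELINE = (1, 6, 0, 31)

# Matches the first line of `java -version`, e.g.: java version "1.6.0_29"
_VERSION_RE = re.compile(r'version "(\d+)\.(\d+)\.(\d+)(?:_(\d+))?')


def parse_java_version(output):
    """Return (major, minor, patch, update) from `java -version` text, or None."""
    m = _VERSION_RE.search(output)
    if not m:
        return None
    # A release with no "_NN" suffix has no update number; treat it as update 0.
    return tuple(int(g) if g else 0 for g in m.groups())


def assess(output, baseline=BASELINE):
    """Classify one machine's `java -version` output against the baseline."""
    version = parse_java_version(output)
    if version is None:
        return "not-found"
    if version[:2] != baseline[:2]:
        # A different Java family; the article gives no baseline for it.
        return "unknown-family"
    return "current" if version >= baseline else "outdated"


def local_java_output():
    """Run `java -version` on this machine; Java prints the version on stderr."""
    try:
        proc = subprocess.run(["java", "-version"], capture_output=True, text=True)
    except FileNotFoundError:
        return ""  # no java executable on PATH
    return proc.stderr + proc.stdout


# Constructed sample outputs, not captured from real machines.
SAMPLES = {
    "pc-01": 'java version "1.6.0_29"',
    "pc-02": 'java version "1.6.0_31"',
    "pc-03": 'java version "1.6.0"',
    "pc-04": 'java version "1.7.0_03"',
    "pc-05": "'java' is not recognized as an internal or external command",
}

if __name__ == "__main__":
    for host, text in SAMPLES.items():
        print(host, assess(text))
    print("this machine:", assess(local_java_output()))
```

A result of "not-found" only means no `java` command answered on the path; the Control Panel check described above is still needed to confirm that no old version remains installed.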
The content on this blog may be reprinted provided you do not modify the content and that you give credit to Wizcrafts and provide a link back to the blog home page, or individual blog articles you wish to reprint. Commercial use, or derivative work requires written permission from the author.