Trend Micro fraud analysts were recently alerted to the discovery of a new phishing campaign that specifically targets AOL Instant Messenger (AIM) users.

The spammed message purports to be from AIM and urges recipients to download and execute the latest AIM version to reactivate their currently inactive accounts.

This becomes a problem if the receivers actually have AIM accounts, as they may be tricked into clicking the link, http://{BLOCKED}update.aol.com.yhff13.com.pl/products/aimController.php?code=826954935720939660939448
039218184173&email=angelan@bc4.so-net.ne.jp. The end result may be the loss of pertinent personal information or, worse, their identities. Instead of getting an actual application update, the link leads to a spoofed AIM website.

Users who land on the phishing page are then prompted to download the malicious file aimupdate_7.1.6.475.exe, which has been detected by Trend Micro as TSPY_ZBOT.JF, which injects threads into certain normal processes. Like its ZBOT predecessors, it also attempts to access a website to update its list of target banks and other financial institutions, which it then sends to a remote site.

Trend Micro™ Smart Protection Network™ protects users from this attack by blocking the spammed messages, preventing user access to malicious sites, and detecting and blocking the download of malicious files.

If you're new here, you may want to subscribe to our RSS feed. Thanks for visiting!