{"id":955,"date":"2019-04-06T19:33:29","date_gmt":"2019-04-06T19:33:29","guid":{"rendered":"http:\/\/www.syyhoaxanalyzer.com\/?p=955"},"modified":"-0001-11-30T00:00:00","modified_gmt":"-0001-11-29T17:00:00","slug":"AT&T-'You-Have-a-New-Voice-Mail'-Malware-Email","status":"publish","type":"post","link":"https:\/\/www.syyhoaxanalyzer.com\/?p=955","title":{"rendered":"AT&#038;T &#8216;You Have a New Voice Mail&#8217; Malware Email"},"content":{"rendered":"<div>\n<h2>Outline<\/h2>\n<p>Message purporting to be from telecommunications company AT&amp;T claims that a new voicemail could not be delivered to the recipient. The email includes an attached file that supposedly contains the voicemail. \u00a0 <\/p>\n<p><script async src=\"\/\/pagead2.googlesyndication.com\/pagead\/js\/adsbygoogle.js\"><\/script><br \/>\n<!-- HS Net Top Content Responsive --><br \/>\n<ins class=\"adsbygoogle\"\n     style=\"display:block\"\n     data-ad-client=\"ca-pub-0355887770822260\"\n     data-ad-slot=\"4870821038\"\n     data-ad-format=\"auto\"><\/ins><br \/>\n<script>\n(adsbygoogle = window.adsbygoogle || []).push({});\n<\/script><\/p>\n<h2>Brief Analysis<\/h2>\n<p>The message is not from AT&amp;T and the attached file does not contain a missed voicemail. Instead, the attachment harbours a malicious .exe file hidden within a .zip file. Opening the .exe file can install malware on the user&#8217;s computer.<\/p>\n<h2>Example<\/h2>\n<div class=\"example\">\n<strong>Subject: AT&amp;T &#8211; You Have a new Voice Mail<\/strong><\/p>\n<p>Manage myAT&amp;T Account<\/p>\n<p>Voicemail Message<\/p>\n<p>You have received a voicemail at 2013-19-12 35:31:25 CST.<\/p>\n<p>You are receiving this message because we were unable to deliver it, voice message did not go through because the voicemail was unavailable at that moment.<\/p>\n<p>* The reference number for this message is qvfl_cjl09-9107319601-2125579909-62.<\/p>\n<p>The length of transmission was 24 seconds.<br \/>\nThe receiving machine&#8217;s ID: YJH35-TW410-F37JZL.<\/p>\n<p>Thank you,<br \/>\nAT&amp;T Online Services<\/p>\n<p>Contact Us<br \/>\nAT&amp;T Support &#8211; quick &amp; easy support is available 24\/7.<\/p>\n<p>Receiving ID:<br \/>\nYJH35-TW410-F37JZL<\/p>\n<p>From Number(s):<\/p>\n<p>459-330-7200<\/p>\n<p><a href=\"https:\/\/www.hoax-slayer.net\/wp-content\/uploads\/2019\/02\/atandt-new-voice-mail-malware-1.jpg\" data-rel=\"penci-gallery-image-content\" ><img loading=\"lazy\" decoding=\"async\" data-attachment-id=\"24177\" data-permalink=\"https:\/\/www.hoax-slayer.net\/att-you-have-a-new-voice-mail-malware-email\/atandt-new-voice-mail-malware-1\/\" data-orig-file=\"https:\/\/www.hoax-slayer.net\/wp-content\/uploads\/2019\/02\/atandt-new-voice-mail-malware-1.jpg\" data-orig-size=\"590,536\" data-comments-opened=\"1\" data-image-meta=\"{&quot;aperture&quot;:&quot;0&quot;,&quot;credit&quot;:&quot;&quot;,&quot;camera&quot;:&quot;&quot;,&quot;caption&quot;:&quot;&quot;,&quot;created_timestamp&quot;:&quot;0&quot;,&quot;copyright&quot;:&quot;&quot;,&quot;focal_length&quot;:&quot;0&quot;,&quot;iso&quot;:&quot;0&quot;,&quot;shutter_speed&quot;:&quot;0&quot;,&quot;title&quot;:&quot;&quot;,&quot;orientation&quot;:&quot;0&quot;}\" data-image-title=\"atandt-new-voice-mail-malware-1\" data-image-description=\"\" data-medium-file=\"https:\/\/www.hoax-slayer.net\/wp-content\/uploads\/2019\/02\/atandt-new-voice-mail-malware-1-300x273.jpg\" data-large-file=\"https:\/\/www.hoax-slayer.net\/wp-content\/uploads\/2019\/02\/atandt-new-voice-mail-malware-1.jpg\" class=\"aligncenter size-full wp-image-24177\" src=\"https:\/\/www.hoax-slayer.net\/wp-content\/uploads\/2019\/02\/atandt-new-voice-mail-malware-1.jpg\" alt=\"AT&amp;T Voice Mail Malware Email\" width=\"590\" height=\"536\" srcset=\"https:\/\/www.hoax-slayer.net\/wp-content\/uploads\/2019\/02\/atandt-new-voice-mail-malware-1.jpg 590w, https:\/\/www.hoax-slayer.net\/wp-content\/uploads\/2019\/02\/atandt-new-voice-mail-malware-1-300x273.jpg 300w, https:\/\/www.hoax-slayer.net\/wp-content\/uploads\/2019\/02\/atandt-new-voice-mail-malware-1-500x454.jpg 500w, https:\/\/www.hoax-slayer.net\/wp-content\/uploads\/2019\/02\/atandt-new-voice-mail-malware-1-585x531.jpg 585w\" sizes=\"(max-width: 590px) 100vw, 590px\" \/><\/a><\/div>\n<p>&nbsp;<\/p>\n<h2>Detailed Analysis<\/h2>\n<p>According to this email, which claims to be from telecommunications giant AT&amp;T, the recipient has a new voicemail. The message advises that the voicemail could not be delivered. The message includes an attached .zip file that supposedly contains a copy of the lost voicemail.<\/p>\n<p>However, the message is not from AT&amp;T and the attached file does not contain an undelivered voicemail as claimed. In fact, hidden inside the attached .zip file there is a malicious .exe file.<\/p>\n<p><script async src=\"\/\/pagead2.googlesyndication.com\/pagead\/js\/adsbygoogle.js\"><\/script><br \/>\n<ins class=\"adsbygoogle\"\n     style=\"display:block; text-align:center;\"\n     data-ad-format=\"fluid\"\n     data-ad-layout=\"in-article\"\n     data-ad-client=\"ca-pub-0355887770822260\"\n     data-ad-slot=\"9162856233\"><\/ins><br \/>\n<script>\n     (adsbygoogle = window.adsbygoogle || []).push({});\n<\/script><\/p>\n<p> If opened, the .exe file can \u00a0<a class=\"norm\" title=\"AT&amp;T - You Have a new Voice Mail - Virus\" href=\"http:\/\/techhelplist.com\/index.php\/spam-list\/434-at-t-you-have-a-new-voice-mail-virus\">install malware<\/a> \u00a0on the user&#8217;s computer. Typically, such malware can harvest sensitive personal information from the infected computer and relay it to servers operated by online criminals. It may also allow the criminals to control the compromised computer from afar and download and install even more malware.<\/p>\n<p>This attack is similar to another malware distribution that claims that \u00a0<a class=\"norm\" title=\"WhatsApp 'New Voicemail' Malware Email\" href=\"https:\/\/www.hoax-slayer.com\/whatsapp-new-voicemail-malware-emails.shtml\">WhatsApp users have a new voicemail<\/a> \u00a0waiting. Clicking the &#8220;Play&#8221; button in the bogus email will open a malicious website that harbours malware.<\/p>\n<p>And, AT&amp;T customers have been targeted a number of times in the past via both \u00a0<a href=\"https:\/\/www.hoax-slayer.net\/att-account-limit-exceeded-phishing-scam\/\">phishing<\/a> \u00a0and \u00a0<a href=\"https:\/\/www.hoax-slayer.net\/fake-att-bill-emails-point-to-malware\/\">malware<\/a> \u00a0emails.<\/p>\n<p><\/br><\/br> Original Source : <a href=\"https:\/\/www.hoax-slayer.net\/att-you-have-a-new-voice-mail-malware-email\/\" target=\"_blank\">https:\/\/www.hoax-slayer.net\/att-you-have-a-new-voice-mail-malware-email\/<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Outline Message purporting to be from telecommunications company AT&amp;T claims that a new voicemail could not be delivered to the recipient. The email includes an attached file that supposedly contains the voicemail. \u00a0 Brief Analysis The message is not from AT&amp;T and the attached file does not contain a missed voicemail. Instead, the attachment harbours [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":6890,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-955","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-hoax-inggris"],"_links":{"self":[{"href":"https:\/\/www.syyhoaxanalyzer.com\/index.php?rest_route=\/wp\/v2\/posts\/955"}],"collection":[{"href":"https:\/\/www.syyhoaxanalyzer.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.syyhoaxanalyzer.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.syyhoaxanalyzer.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.syyhoaxanalyzer.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=955"}],"version-history":[{"count":0,"href":"https:\/\/www.syyhoaxanalyzer.com\/index.php?rest_route=\/wp\/v2\/posts\/955\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.syyhoaxanalyzer.com\/index.php?rest_route=\/wp\/v2\/media\/6890"}],"wp:attachment":[{"href":"https:\/\/www.syyhoaxanalyzer.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=955"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.syyhoaxanalyzer.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=955"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.syyhoaxanalyzer.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=955"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}