Cybercriminals in the United Kingdom this week have launched two separate but similar scams intent on gaining access to users’ computers. Both scams impersonate e-mail notifications from popular British cell phone companies and both ultimately open a backdoor on the targeted computers.
E-mail notifications that appear to come from Vodafone U.K. and claim to include a picture message (MMS) have been duping users, tricking them into executing an attachment. According to Dancho Danchev over at security firm Webroot’s Threat Blog, once clicked the attachment will allow an attacker full access to the infected computer.
Similar, bogus notifications from T-Mobile are also deceiving users in the U.K. – tricking them into opening what the e-mail purports are billing information reports. Much like the fake MMS executables, once these reports are opened, a backdoor is opened for cybercriminals, allowing them to own the affected computer.
Questionable scam e-mails with even more questionable attachments are nothing new. Earlier this fall, there were a slew of fake notifications that were found leading users to download the malicious Blackhole Exploit Kit. Fake ADP and FDIC notifications, fake Craigslist notifications and fake Facebook notifications have all been seen tricking unsuspecting users into installing the kit.