Users receive a spoofed email purporting to come from the security department at AOL, claiming that the company suffered a security breach over the weekend and that confidential information may have been compromised.
The email also asks users to connect to a website to download and install a new 'security patch', which will 'protect their information'. The spoofed message reads:
'Failure to download this security patch in the next 48 hours will result in the temporary suspension of your America Online account. At this point we will send you a Security Patch CD in the mail. Upon installing it, your account will be reactivated.'
When users click on the link, they are redirected to a website hosted in Scotland which downloads a piece of malicious code, named patch.scr, written in Visual Basic and using Yoda Crypt.
When the file is run, a wizard opens to guide users through the disclosure of their confidential account and billing information, including their account limit. Once this information is obtained, it is sent in a text file via FTP to an account at a hosting facility.
Ross Paul, product marketing manager at Websense, said: "This is a blended threat that we haven't seen before. It combines the threat of a security breach with a link to a download that masquerades as a patch but in fact requests sensitive user information.
"The kind of questions it asks should alert you to the fraud because your provider already has those details."