«
»

AOL’s New AIM Instant Messenger Phishing Scam

A new Phishing scam is making the rounds, targeting AOL’s Instant Messenger users and attempting to trick them into sharing their AIM login username and passwords.

Emails are currently making the rounds with subject lines like:

  • AOL Instant Messenger critical update
  • The latest update for the AIM
  • AIM critical update
  • Your AIM account will be deleted

The spoofed (fake) sending addresses tend to be similar to:

  • “AIM” <no_reply_aim@aol.com>
  • “AOL” <no_reply_instant_messenger@aim.com>
  • “AOL” <no_reply@aim.com>
  • “AOL Instant Messenger” <dontreply@aim.com>

However these are actually sent from zombie PC’s that are part of a spammer’s bot-net, from “always on” high-speed connected computers from servers throughout the world, like:

  • mynet.it [77.241.14.114]
  • sta.etb.net.co 201.244.53.33
  • adsl.proxad.net [82.248.8.42]

The bait that is contained in these identity theft emails are consistently worded as:

Dear AOL Instant Messenger user,

Your AIM account is flagged as inactive. Within the following 72 hours it’ll be deleted from the system.

If you plan to use this account in the future, you have to download and launch the latest update for the AIM. This update is critical.

In order to install the update use the following link. This link is generated exclusively for your account and is available within a certain period of time. As soon as this link is not available anymore you will get another letter.

Thank you,

AIM Service Team

This e-mail has been sent from an e-mail address that is not monitored. Please do not reply to this message. We are unable to respond to any replies.

While baited hyper-linked URL begins with:  http://update.aol.com

The full URL’s actually link to compromised attack servers such as:

  • http://update.aol.com.hasdxzzw.com.im/
  • http://update.aol.com.yhffd8.com.pl/
  • http://update.aol.com.terfkiox.net.pl/

So far the machines sending such emails are infected PC’s spread across the globe with no specific isolated locations.

Bookmark and Share

Related posts:

  1. New and Aggressive “Settings File” Phishing Campaign
  2. Facebook Phishing Catches Many
  3. Google Adwords Phishing Frauds
  4. Western Union Phishing Frauds
  5. Fidelity Phishing Alert

Tags: , , , , , , , ,

This entry was posted on Friday, January 22nd, 2010 at 10:54 am and is filed under Phishing Lessons, Spam Tactics. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

Feel free to respond but please read our Comment Policy first.