Full report and email snapshot here.
Websense® Security Labs™ has received reports of a new attack that targets AOL customers. Users receive a spoofed email from the security department at AOL. The email claims that AOL had a security breach over the weekend and that confidential information may have been compromised. The email also requests that users connect to a website to download and install a new security patch, which will protect their information.
When users click on the link, they are redirected to a fraudulent website...This site hosts a piece of malicious code, named patch.scr, which is written in Visual Basic and uses Yoda Crypt. When the file is run, a wizard opens to guide users through the disclosure of their confidential account and billing information, including their account limit.