Large outbreaks of phony AT&T wireless e-mails were distributed in the last 2 days, Commtouch said April 5.
The e-mails describe very large balances ($943), that are sure to get aggravated customers clicking on the included links.
Every link in the e-mail leads to a different compromised site with malware hidden inside.
The pattern is: legitimate domain / recurring set of random letters / index.html. The index.html file tries to exploit at least the following known vulnerabilities: Libtiff integer overflow in Adobe Reader and Acrobat — CVE-2010-0188; and Help Center URL Validation Vulnerability — CVE-2010-1885.