Invoice E-Mails from Different Organizations Loaded With Malware
Security researchers warn that a malicious e-mail bearing the header "Re: Corp. invoice from [firm's name]" or "Re: Inter-company inv. From [firm's name]" is spreading rapidly among Internet users with malicious attachments. SoftPedia published this on August 19, 2011.
Reportedly, the malware scam in its various forms uses the names of organizations such as KPMG, Kraft Foods, Miltek, Safeco and Beazer Homes, and is designed to dupe end-users into opening an attached .zip file. If the attachment is opened, a Trojan infects their PCs.
Even where the user has had no commercial dealings with the firm named in the e-mail, there could still be a temptation to click on the attachment, which is named Invoice_08.4_D6.zip, Corpinvoice_08.10_N47.zip or Inv._08.8_D7.zip.
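The two headers and three attachment names reported above can be checked together at the mail gateway. The following Python is an added example, not code from SoftPedia or Sophos: it treats the quoted header as the Subject line, its filename pattern is an assumed generalisation of the three names in the article, and the sample messages are constructed.

```python
import re
from email import message_from_string

# Subject lines quoted in the article.
SUBJECT_RE = re.compile(
    r"^\s*Re:\s*(Corp\. invoice|Inter-company inv\.)\s+from\s+\S", re.IGNORECASE)
# Assumption: a generalisation of the three attachment names in the article
# (Invoice_08.4_D6.zip, Corpinvoice_08.10_N47.zip, Inv._08.8_D7.zip).
ATTACH_RE = re.compile(
    r"^(Invoice|Corpinvoice|Inv\.)_\d{2}\.\d{1,2}_[A-Z]\d{1,3}\.zip$", re.IGNORECASE)

def score_message(raw):
    """Classify a raw RFC 5322 message as 'block', 'quarantine' or 'pass'."""
    msg = message_from_string(raw)
    subject_hit = bool(SUBJECT_RE.search(msg.get("Subject", "")))
    names = [p.get_filename() for p in msg.walk() if p.get_filename()]
    name_hits = [n for n in names if ATTACH_RE.match(n)]
    any_zip = any(n.lower().endswith(".zip") for n in names)
    if subject_hit and name_hits:
        return "block"        # both reported traits are present
    if name_hits or (subject_hit and any_zip):
        return "quarantine"   # one trait only: hold for a human to check
    return "pass"

def make_sample(subject, filename):
    """Build a constructed test message; addresses and payload are placeholders."""
    return (
        "From: accounts@example.com\n"
        "To: user@example.org\n"
        f"Subject: {subject}\n"
        "MIME-Version: 1.0\n"
        'Content-Type: multipart/mixed; boundary="b1"\n\n'
        "--b1\nContent-Type: text/plain\n\nInvoice attached.\n"
        "--b1\nContent-Type: application/zip\n"
        f'Content-Disposition: attachment; filename="{filename}"\n'
        "Content-Transfer-Encoding: base64\n\nAAAA\n--b1--\n"
    )

if __name__ == "__main__":
    for subj, name in [
        ("Re: Corp. invoice from Kraft Foods", "Invoice_08.4_D6.zip"),
        ("Re: Inter-company inv. From KPMG", "report.zip"),
        ("Lunch on Friday?", "menu.zip"),
    ]:
        print(f"{score_message(make_sample(subj, name)):<10} {subj!r} {name!r}")
```

A subject match with a renamed zip is quarantined, not passed, because the sender can change the file name more easily than the lure text.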
The malicious e-mail tells the recipient that an inter-company invoice covering January to December 2010 is attached, and then thanks him for his support in establishing the process. However, Graham Cluley, Senior Security Consultant at anti-virus company Sophos, cautions that the e-mails do not actually come from the organizations referenced in them, and that the sender's e-mail address is forged as well.
Moreover, Sophos has identified the Trojan it intercepted as Troj/Agent-TBO, and the zipped folder as Troj/Invo-Zip.
The anti-virus vendor also alerted PC operators that once the malware is executed on a PC, the system comes under the control of hackers. It could create a backdoor on the end-user's PC for stealing information, displaying bogus AV warnings, or hijacking the system to add it to a botnet.
Importantly, according to security firms, the total volume of spam mail carrying malicious attachments has risen massively starting in August 2011. This indicates that cyber-criminals are coming back from their holidays and trying to rebuild their botnets to make up for the lost period.
As always, end-users must install security software and keep it up to date to keep their systems safe. Additionally, any e-mail of the above kind must be verified through a telephone call to the company named in the message.
» SPAMfighter News - 29-08-2011