Scam E-mail Masked as God’s Blessing Target Internet Users

According to the researchers from MxLabs Security Company, a phony electronic mail targeting English and Dutch speaking Internet-users apparently greet them with the well-known phrase "Gruss Gott," short form of "Es grüße dich Gott" that implies "May God bless you."

That's about all which's religious regarding these electronic mails as the remaining part solely attempts at enticing the recipients in way to get them click on web-links that produce a PC-virus, which proliferates abundantly and allows more malware to creep in.

A particular version of the malicious electronic mail having different headers like Re: Request id: 71066294, Adviser id: 7356847, Bestel N: 841-5282 or Bestel id: 170-6513, reads "Gruss Gott, carmen," while telling the recipient that his order is currently under process (Order id: 83435991). The recipient can find the delivery 'rules-and-regulations' via the automatically-produced Word document within "LINK," outlines MxLabs.

One more version of the fake message says "Gruss Gott" in conveyance of gratitude for certain order id: 862446 and then states that the user will be debited $638 on his credit card, while details of the order along with handing-over procedures are within LINK.

Alongside these 2 e-mails, MxLabs identified another one, which targeted unwitting Internet-users, while stating that there had been 2 transactions valuing EUR59 on their accounts. However, the second transaction happened to be inadvertently accepted, so for everything the users are requested to read LINK carefully, the e-mail adds.

Furthermore, MxLabs comments that LINK, apparently looking innocent, actually unleashes a PC-Trojan that Microsoft detected as Worm:Win32/Gamarue.B, Fortinet -W32/Yakes.B!tr, and McAfee -Generic FakeAlert.fz, that quietly waits to get pulled down on the infected PC.

And when downloaded, files, folders and directories begin getting created, while registry entries too are made so the malware can link up with certain malicious Internet Protocol (IP) addresses.

Unfortunately, merely 6 from the total 43 security-engines of VirusTotal could detect the Trojan, while it's expected that others will do all that's necessary for addressing the threat.

Meanwhile, it's advisable that Internauts ignore dubious e-mails despite them claiming about particular sums of money debited to the financial accounts of those users for, often such claims are false.

Related article: Sixem Worm Striking World Cup

» SPAMfighter News - 12/1/2011