Sophos Warns of Spam Mails Impersonating Tiffany’s & Co.

According to Sophos the security company, spam mails carrying malicious software and posing as communication from Tiffany's & Co., the globally renowned jewelers, are presently circulating online.

Displaying a caption, "Invoice copy" and addressing recipients, the unsolicited electronic mail requests users to open an attachment for viewing a co-called Export License as well as Payment bill. Already, the balance amount was dispatched yesterday, the e-mail states. Now, the user requires confirming whether that amount has been credited to his account, alternatively in case of any problem he can make a telephone call.

The e-mail signs off from certain "Karen Parker."

But, the attachment named 'invoice copy.zip' contains one harmful Trojan created for hijacking the user's PC.

Sophos' security items identify the malware to be Mal/BredoZp-B.

The company outlines that the Mal/BredoZp-B Trojan brings up several obnoxious symptoms and symbols, which are dangerous for the already infected system. The Trojan creates a backdoor that gives the attacker control over the system. In addition, it seizes every personal detail of the victim, including his password for utilizing them towards carrying out illegal operations later.

Remarking about this e-mail scam, Senior Technology Consultant Graham Cluley at Sophos posted on his blog that it might be an intentional trick from the perpetrators responsible for the assault towards tempting increasing number of individuals into clicking on the attached file. Nakedsecurity.sophos.com published Cluley's statement on May 22, 2013.

Cluley added that certainly it wasn't difficult to forge subject lines of e-mail, while there was little indication that Tiffany's truly dispatched the latest e-mails. If anything, the company was as well a victim of the scam, he concluded

In the meantime, Security Analyst Richard Westmoreland at SilverSky the provider of security-as-a-service elaborated that the majority of effective e-mail Trojans nowadays concealed themselves inside zipped archives while relied on socially-engineered tactics for tricking users into running them. Newsfactor.com published Westmoreland's statement on May 22, 2013.

The analyst stated that organizations inevitably had to allow zipped attachments to continue their business, but virus scanners should continue as capable of filtering their e-mail and detecting materials of unencrypted zipped folders,.

» SPAMfighter News - 5/27/2013