August 28, 2009
Malware Via Phony Invoice
The following malware delivery email is a little confused, but I doubt that will stop many recipients from opening the Dc784ffb2.zip attachment, which VirusTotal says is caught by only 30% of AV products. The confusing part is that the forged From: address indicates sharp.co.jp, while the body of the message...well, see for yourself:
Thank you for shopping at our internet store!
We have successfully received your payment.
Your order has been shipped to your billing address.
You have ordered HP KQ246AA.
You can find your tracking number in attached to the e-mail document.
Please print the label to get your package.
We hope you enjoy your order!
The product number mentioned above is a Hewlett Packard item (camera). Although sonystyle.com doesn't carry that item, recipients will be curious enough to try to open the attachment to investigate what's going on. That's at the root of any unsolicited email message: to trick the recipient into acting for the benefit of the sender. Anyone who double-clicks that ZIP file will have handed over to unknown crooks the keys to their computer kingdoms.
Posted on August 28, 2009 at 10:26 PM
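A triage check for the mismatch described above, as an added example that is not part of the original post: it flags a message whose From: domain differs from the domains named in its body while it also carries an archive attachment. The sample message is constructed; its Sony Style signature line, display name and sender local part are assumptions, and `registered_domain` and `triage` are hypothetical helper names.

```python
import re
from email import message_from_string
from email.utils import parseaddr

ARCHIVE_EXTS = (".zip", ".rar", ".7z")  # assumption: archive types worth flagging

# Constructed sample modelled on the message described in the post. The
# signature line, display name and sender local part are assumptions.
SAMPLE = """\
From: Order Desk <orders@sharp.co.jp>
Subject: Your order
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

You have ordered HP KQ246AA.
Sony Style - http://www.sonystyle.com

--b1
Content-Type: application/zip
Content-Disposition: attachment; filename="Dc784ffb2.zip"

placeholder bytes, not a real archive
--b1--
"""

def registered_domain(host):
    """Naive reduction: keep three labels for suffixes like co.jp, else two."""
    labels = host.lower().strip(".").split(".")
    second_level = len(labels) >= 3 and len(labels[-1]) == 2 and labels[-2] in ("co", "ne", "or")
    return ".".join(labels[-3:] if second_level else labels[-2:])

def triage(raw):
    """Return the sender domain, other domains named in the body, and archives."""
    msg = message_from_string(raw)
    sender = registered_domain(parseaddr(msg.get("From", ""))[1].rpartition("@")[2])
    body, archives = "", []
    for part in msg.walk():
        name = part.get_filename()
        if name and name.lower().endswith(ARCHIVE_EXTS):
            archives.append(name)
        elif part.get_content_type() == "text/plain" and not name:
            body += part.get_payload()
    hosts = re.findall(r"\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b", body.lower())
    foreign = sorted({registered_domain(h) for h in hosts} - {sender})
    return {"sender": sender, "body_domains": foreign, "archives": archives,
            "suspicious": bool(archives and foreign)}
```

A production filter would use a public-suffix list instead of the naive domain reduction, and would treat this result as one signal among several, not a verdict.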