A Dispatch


August 16, 2011

More "Open The Attachment" Tricks

In addition to the revived flood of phony UPS/Fedex/DHL delivery notifications carrying lethal malware payloads, today I saw a variation of an old social engineering trick:

Subject: Re: FW: End of July Stat.

Hallo,
As requested I give you the open Invoices issued to you as per 30th July 2011:

Regards
STEVIE HUFF

The attachment in the sample I saw was named Inv._08.8.2011_B8.zip. It's a Trojan loader, which will take over your PC with junk, including software that captures your various login credentials as you surf the web — potentially exposing you to all kinds of financial and identity theft.

Remember that crooks want to push your buttons to get you to act on their behalf. Making you think that you're in trouble and the details are in the attachment is a common ploy.

If you feel you can't resist, hold off for a second and upload the attachment to virustotal.com to see if any of 40+ antivirus programs detect the file as bad. If only a handful of products detect the file as malware, you should be extra careful with it, because your own antivirus software may not yet have the data it needs to protect your PC. For instance, "Stevie Huff's" attachment is identified by only six AV products at this hour. That means it's a new variant (of the thousands produced every day), and even many major AV branded products wouldn't stop it from wreaking havoc on your system for a while.
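One way to check a suspicious message without opening its attachment, as an added example that is not part of the original post: the script reads a saved message, computes each attachment's SHA-256 (which can be searched on virustotal.com), and lists zip members with executable extensions without extracting them. The sample message, the member name inside the zip and the extension list are constructed assumptions.

```python
import hashlib
import io
import os
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Extensions that run code when double-clicked on Windows (assumed list, not from the post).
RISKY_EXT = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".js", ".vbs", ".lnk"}

def triage(raw_message: bytes) -> list:
    """Inspect every attachment in memory; nothing is written to disk or executed."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        data = part.get_payload(decode=True) or b""
        item = {"name": part.get_filename(),
                "sha256": hashlib.sha256(data).hexdigest(),
                "risky_members": [], "encrypted": False}
        if zipfile.is_zipfile(io.BytesIO(data)):
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                for info in zf.infolist():  # reads the directory only, no extraction
                    # Only the final suffix counts, so "x.pdf.exe" is flagged.
                    if os.path.splitext(info.filename)[1].lower() in RISKY_EXT:
                        item["risky_members"].append(info.filename)
                    if info.flag_bits & 0x1:  # password-protected member
                        item["encrypted"] = True
        findings.append(item)
    return findings

def build_sample() -> bytes:
    """Constructed test message: harmless text bytes behind a double extension."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Invoice_sample.pdf.exe", b"harmless placeholder, not a program")
    msg = EmailMessage()
    msg["Subject"] = "Re: FW: End of July Stat."
    msg["From"] = "sender@example.com"
    msg["To"] = "you@example.com"
    msg.set_content("As requested I give you the open Invoices ...")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip",
                       filename="Inv._08.8.2011_B8.zip")
    return msg.as_bytes()

if __name__ == "__main__":
    for finding in triage(build_sample()):
        print(finding)
```

A password-protected zip is reported as `encrypted` because scanners cannot look inside it, so a clean result for such a file says little.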

Posted on August 16, 2011 at 08:53 AM