Contract of many disguises contains Trojan horse

Filed Under: Malware, Spam

Unsolicited email attachments are always something that should be treated with caution, and in recent months we have seen something of a rise in this method being used as a way of distributing malware.

Checking our monitoring systems today I see that a new widespread malware campaign is being spammed out, posing as contracts from the likes of Google, Apple, Procter & Gamble, and other well-known firms.

Here is a typical email that has been seen, in this case claiming to come from Apple:

Example of a malicious email

Opening the attachment, called New_Contract.zip, is not a good idea as it contains a Trojan horse.

Some of the other subject lines we have seen the hackers use in this malware campaign include the following:

Southwest Airlines Contract of settlements
Procter & Gamble Contract of order fulfillment
Toyota Permit for retirement
General Electric Lease contract
Berkshire Hathaway Loan Contract
Southwest Airlines Your new labour contract
Procter & Gamble Contract e-fulfilment
Procter & Gamble Contract direct marketing
Apple Contract of retirement
FedEx Contract direct marketing
Johnson & Johnson Contract e-fulfilment
Apple Start a personal account
Google Lease contract
Toyota Contract of order fulfilment
Starbucks Lending Contract
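
As an added example (not part of the original post, and not Sophos's detection logic), here is a mail-gateway triage check in Python built on the traits listed above: a subject that opens with one of the named companies followed by contract-style wording, and an attachment called New_Contract.zip. The function names, the scoring into pass/review/quarantine and the sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string, policy
from email.message import EmailMessage

# Company names and lure wording copied from the subject lines listed in the post.
BRANDS = ["Southwest Airlines", "Procter & Gamble", "Toyota", "General Electric",
          "Berkshire Hathaway", "Apple", "FedEx", "Johnson & Johnson", "Google",
          "Starbucks"]
SUBJECT = re.compile(r"^\s*(?:(?:re|fwd?):\s*)*(%s)\s+(.+)$"
                     % "|".join(re.escape(b) for b in BRANDS), re.I)
LURE = re.compile(r"\b(contract|permit|personal account)\b", re.I)
ATTACHMENT = "new_contract.zip"  # attachment name given in the post, lower-cased


def triage(raw):
    """Return (verdict, reasons) for one raw RFC 5322 message string."""
    msg = message_from_string(raw, policy=policy.default)
    reasons = []
    m = SUBJECT.match(str(msg["Subject"] or ""))
    if m and LURE.search(m.group(2)):
        reasons.append("subject pairs %r with contract-style wording" % m.group(1))
    # walk() also reaches attachments nested inside forwarded or multipart parts
    names = [(p.get_filename() or "").strip().lower() for p in msg.walk()]
    if ATTACHMENT in names:
        reasons.append("attachment named New_Contract.zip")
    # Assumed policy: one trait is worth a look, both together are held
    verdict = ("pass", "review", "quarantine")[len(reasons)]
    return verdict, reasons


def sample(subject, filename=None):
    """Build a constructed test message; the attachment is an empty ZIP archive."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "user@example.org"
    msg["Subject"] = subject
    msg.set_content("Please review the attached document.")
    if filename:
        msg.add_attachment(b"PK\x05\x06" + b"\x00" * 18, maintype="application",
                           subtype="zip", filename=filename)
    return msg.as_string()


if __name__ == "__main__":
    for subj, att in [("Apple Contract of retirement", "New_Contract.zip"),
                      ("Google Lease contract", None),
                      ("Lunch on Friday?", "photos.zip")]:
        print(subj, "->", triage(sample(subj, att)))
```

A filter like this only catches the wording and file name reported here, so it complements up-to-date anti-virus scanning of the attachment rather than replacing it.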

Of course, it's the most natural thing in the world if you receive an email like this to open the attachment. You may think the email was sent to you in error, and want to reply that the sender has clearly got the wrong email address, but perhaps you would be tempted into opening the attachment first?

Even if you weren't involved in any business dealings with the above companies you might still be curious enough to open the attachment to see what it contains. It is that curiosity which the cybercriminals are depending on in order to infect your computer, and potentially steal information, resources and money from you - so don't make it easy for them. Just delete the messages if you receive them.

Sophos detects the malware as Troj/Invo-Zip. Users of other vendors' anti-virus products are advised to check that their protection is up-to-date.

About the author

Graham Cluley is an award-winning security blogger, and veteran of the anti-virus industry having worked for a number of security companies since the early 1990s. Now an independent security analyst, he regularly makes media appearances and gives computer security presentations.