Your mailbox has NOT been deactivated

Filed Under: Malware, Spam

SophosLabs is currently intercepting a widespread malware attack, being spammed out to innocent internet users under the disguise of a mailbox deactivation notice.

The emails, which have a subject line of "your mailbox has been deactivated", pretend to come from the recipient's domain. For instance, if your email address was john.smith@example.com the emails would pretend to be from notifications@example.com.

Malicious email about mailbox deactivation

Subject:

your mailbox has been deactivated

Message body:

We are contacting you in regards to an unusual activity that was identified in your mailbox. As a result, your mailbox has been deactivated. To restore your mailbox, you are required to extract and run the attached mailbox utility.

Best regards, [domain name] technical support.

Attached to the emails is a zip file - utility.zip. Under no circumstances should you run the program contained inside the Zip file as it contains the Mal/EncPk-LP Trojan horse.

The clever thing about this attack, of course, is the social engineering. We've seen this trick before (of pretending to be from the administrators of your email system) but the reason why it is still being used is because it works. Users panic if they think they might be at risk of having their umbilical cord to the internet cut off and may race to open the attachment before thinking about the malice that might lie behind it.

You might like

About the author

Graham Cluley is an award-winning security blogger, and veteran of the anti-virus industry having worked for a number of security companies since the early 1990s. Now an independent security analyst, he regularly makes media appearances and gives computer security presentations. Send Graham an email, subscribe to his updates on Facebook, follow him on Twitter and App.net, and circle him on Google Plus for regular updates.