Spammed out personal account keys contain Trojan horse

We’ve seen a spate of malicious spam today designed to fool internet users into infecting their computers with a Trojan horse.

The emails typically tell you that you can activate or register your account by using information in the attached file.

Of course, your natural first question is likely to be “What account?”. After all, the email body doesn’t explain, the subject lines of “The Activation Keys” or “Recovery KEYS for your account” don’t make it clear, and the sender’s email address appears to have been chosen pretty much at random.

Here are a couple of examples that we have seen in large numbers in our spam traps around the globe:

[Screenshots of two of the example emails]

Now, I know many of you would simply delete the email and its suspicious file at this point. But I am sure there are some people out there who would be curious to get to the bottom of what account it might be, and might be tempted to open the attachment.

Big mistake.

For inside the attached zip file (called active_key.zip or the_Keys.zip) is a copy of the Troj/Invo-Zip Trojan horse, designed to take over your computer and compromise your data.

And that’s what the hackers are relying upon – just a small percentage of people clicking on the attachment. They know that most people won’t bother, but they also know that a proportion will do it despite years of warnings about unsolicited emails. The hackers are spamming millions of people around the world today (and probably tomorrow too, and for many days and years to come) because they recognise that there are people out there who don’t practise safe computing.
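For anyone running a mail gateway, the subject lines and attachment names described above can be combined with a check on what the zip actually holds. The Python below is an added example, not code from the original post; the list of executable extensions, the function names and the sample message are assumptions constructed for illustration.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Indicators stated in the article (compared case-insensitively).
SUBJECTS = {"the activation keys", "recovery keys for your account"}
ATTACHMENTS = {"active_key.zip", "the_keys.zip"}
# Assumption (not from the article): member types treated as executable.
EXEC_EXTS = (".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".js", ".vbs")

def triage(raw: bytes) -> list[str]:
    """Return the reasons a raw RFC 5322 message should be quarantined."""
    msg = message_from_bytes(raw, policy=policy.default)
    reasons = []
    if str(msg["Subject"] or "").strip().lower() in SUBJECTS:
        reasons.append("subject matches campaign")
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        if name in ATTACHMENTS:
            reasons.append(f"attachment name matches campaign: {name}")
        if not name.endswith(".zip"):
            continue
        try:
            # Only the member listing is read; nothing is extracted to disk.
            with zipfile.ZipFile(io.BytesIO(part.get_payload(decode=True))) as zf:
                members = zf.namelist()
        except zipfile.BadZipFile:
            reasons.append(f"unreadable zip: {name}")
            continue
        for member in members:
            if member.lower().endswith(EXEC_EXTS):
                reasons.append(f"executable inside zip: {member}")
    return reasons

def build_sample(subject: str, zip_name: str, member: str) -> bytes:
    """Constructed sample: a message whose zip holds harmless placeholder bytes."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(member, b"placeholder, not a real program")
    msg = EmailMessage()
    msg["From"], msg["To"], msg["Subject"] = "a@example.com", "b@example.com", subject
    msg.set_content("You can activate your account using the attached file.")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip", filename=zip_name)
    return msg.as_bytes()

if __name__ == "__main__":
    print(triage(build_sample("The Activation Keys", "active_key.zip", "key.exe")))
```

The executable-in-zip check still fires when the spammers change the subject line or rename the attachment, which the name matches alone would miss.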