More contract malware spammed out

The start of a new week has brought some minor variations to the contract malware I warned you about on Friday.

The malicious messages that are being spammed out pretend to be changes to a contract – some related to business activities with well-known firms like Johnson & Johnson, Starbucks or Google, and others pretending to be connected with a retirement plan.

Here are a couple of examples:

[Image: retirement plan example]

[Image: Johnson & Johnson example]

The dangerous files attached to these emails in the samples we’re seeing in our traps are called contract.zip or New_Contract.zip. Sophos intercepts them as Troj/Invo-Zip.

If you use other vendors’ products, make sure that they are properly updated and capable of stopping these threats.