Sophos Cloud Optix
Cybercriminals have launched a widespread malicious spam attack today, aimed at tricking users into opening a malicious file.
The emails, which have the subject line “Contact of Settlements”, pretend to relate to a contract. Recipients are told that if they agree to the terms of the contract they should expect “payment on Friday for the first consignment”.
Greetings,
We have prepared a contract and added the paragraphs that you wanted to see in it.
Our lawyers made alterations on the last page. If you agree all the provisions we are ready to make the payment on Friday for the first consignment,
We are enclosing the file with prepared contract. Password: 345543If necessary, we can send it by fax.
Looking forward to your dicision.
Attached to the emails is a password-protected ZIP file, contract_1.zip, which contains a malicious Trojan horse. Sophos is intercepting the emails as spam, and has added detection of the malware component as Troj/Agent-LNW.
The danger is that some people will feel so curious about an unsolicited contract materialising in their inbox that they’ll enter the password to decrypt the file, open the file contained within and end up infecting their PC.
This latest attempt to infect the computers of innocent internet owners echoes a series of attacks we saw late in 2008, many of which used the names of well-known companies as an extra temptation for users to open them.