Malicious contracts spammed out by hackers

All of us know how easy it is to accidentally send an email to the wrong address. If two people in your address book have similar names then your email client might make it all too simple to send a message to the wrong one.

For instance, I work with Carole, but a simple slip of the fingers or not reading carefully enough might mean I drop a note to Carla Bruni instead. (In my dreams..)

And it’s this kind of common inccident that cybercriminals are exploiting when they launch an attack like the one we are currently seeing in our worldwide network of traps.

This is a significant attack – the malicious emails are being spammed out enmasse to computers around the globe, claiming to contain contracts for the unsuspecting recipient to approve.

Malware contract

A typical message reads:

Dear ladies and gentlemen,
We have prepared a contract and added the paragraphs that you wanted to see in it.
Our lawyers made alterations on the last page. If you agree with all the provisions we are ready to make the payment on Friday for the first consignment.
We are enclosing the file with the prepared contract.
If necessary, we can send it by fax.
Looking forward to your decision.
"<name>

Subject lines used in the attack include:

  • Rent contract
  • Loan contract
  • Contract of order fulfillment
  • Permit for retirement
  • Open an account
  • Record in debit of account
  • Contract of settlements
  • Your new labour contract
  • Open an account

The danger is that recipients of the emails might be curious and tempted to examine the attached file (called Contract_01_05_2010.zip) and end up infecting their Windows computer. And it’s possible that they might open the file out of the goodness of their heart, hoping that it will contain information that will help them identify who should have received the unsolicited message.

Sophos detects the attached malware as Troj/Invo-Zip and Mal/Koobface-E. Make sure that you keep your anti-virus software automatically updated, and always be suspicious of unsolicited emails.

Opening an unknown file on your computer could mean that you’re opening a backdoor for hackers to compromise and infect your PC.