Statement of fees 2009/2010 malware attack spammed out

Why should hackers bother to dream up new disguises for their attacks, if their tried-and-trusted ones are still working?

Right now we’re seeing a very widespread malware attack being spammed out to internet users around the world with the subject line “Statement of fees 2009/2010”.

Statement of fees 2009/2010 malware attack

A typical email reads:

Please find attached a statement of fees as requested, this will be posted today.
The accommodation is dealt with by another section and I have passed your request on to them today.

Kind regards.
<name>

where <name> reflects the name used in the “from” address.

Attached to the emails is a file called Statement_of_Fees_2009-2010.zip, which itself contains a Trojan horse that Sophos detects as Mal/Zbot-U. Sophos also detects the ZIP file as Troj/Invo-Zip.

This isn’t code that you want to run on your computer – as it can spy on you, and give a hacker remote control of your Windows PC. So don’t allow curiousity to get the better of you – if you receive an email with an attachment like this, you should always exercise extreme caution before opening its contents.

And make sure you’re clued-up about the tricks that malicious hackers commonly use. After all, Sophoslabs blogged about this very disguise back in 2008.