Fake Car Tax Malware

Sometimes malware authors make it really easy to spot a scam.

Today’s email attachment campaign is a fake car tax update. Apparently the “Ministry of Transport”  has made some sort of change to my car tax and details are in the attached file, “CAR_DOCUMENTATION.zip”.

But with spelling and grammar as bad as this, alarm bells should be ringing:



The executable contained inside the zip is called “CAR_DOCUMENTATION.DOC.___________.exe” – the double extension is another clue that this missive from the “Ministry of Transport” should not be trusted.

To cap it all off the email is sent from a random looking email address that certainly doesn’t have anything to do with this Ministry of Transport that wishes me to “the cease of economize on your finance”.

Fortunately if you are unlucky enough to receive one of these emails and all these clues don’t cause you to delete it immediately, Sophos will come to the rescue and detect the file as Troj/Agent-NSQ.