Inter-company invoice emails carry malware

Filed Under: Malware, Spam

InvoicesHave you received an unexpected "inter-company invoice" from a company for the period January 2010 - December 2010?

If so, chances are that your computer is being targeted by cybercriminals who are using the disguise as a method to infect your computer with a Trojan horse.

Companies such as Beazer Homes, KPMG, Miltek, Kraft Foods, and Safeco are named in different incarnations of the malware campaign, that is designed to trick you into opening the attached ZIP file.

Even if you haven't done business with the company referenced in the email, you might be tempted to open the attachment (which have names like,, and out of curiousity.

Inter-company invoice emails carry malware

Of course, the emails have not really been sent by the companies that are named in them, and the sender's address has been forged.

Sophos products intercept the malware as the Troj/Agent-TBO Trojan horse, and the ZIP files themselves as Troj/Invo-Zip.

Remember, once malicious code has run on your computer, it's up to an unknown hacker what happens next. They can open a backdoor onto your computer to steal information, display fake anti-virus alerts, or compromise your PC to make it part of a botnet.

The best defence is not to fall for such attacks in the first place, by keeping your anti-virus protection up-to-date and keeping your wits about you.

, , , ,

You might like

One Response to Inter-company invoice emails carry malware

  1. Adrienne Boswell ยท 1478 days ago

    Is there something in these miscreants' genetic make up that keeps them from being able to spell and use grammar correctly? That is the first thing that jumps out at me as something wrong. I understand they might not be native English speakers, but they are anticipating having lots of ill gotten gains, so why not hire someone to proof it? Criminals are dumb, and that's a good thing.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

About the author

Graham Cluley runs his own award-winning computer security blog at, and is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s. Now an independent security analyst, he regularly makes media appearances and gives computer security presentations. Follow him on Twitter at @gcluley