Did you open your email inbox this morning to find an email like the following?
Kindly open to see export License and payment invoice attached, meanwhiole we sent the balance payment yesterday.
Please confirm if it has settled in your account or you can call if there is any problem.Thanks
Karen parker
Whatever you do, don’t open the file attached to the email.
Contained inside the file invoice copy.zip is a malicious Trojan horse, designed to compromise your computer.
Sophos products detect the malware proactively as Mal/BredoZp-B, but users of other vendors’ products should check that their software is fully up-to-date and defending against the threat.
Curiously, samples of the malware campaign intercepted by SophosLabs claim to come from the world-famous jewellers Tiffany & Co.
This may be a deliberate ploy on the part of the criminals behind the attack to tempt more people into opening the attachment.
Of course, it’s child’s play to forge email header information, and there is no suggestion that the messages were really sent by Tiffany’s. If anything, they are also victims of this campaign.
Little blue boxes from Tiffany & Co. are the stuff of dreams for many. Don’t let an unexpected email delivery – apparently from the company – make you so giddy with an excitement that you end up with a computer nightmare.
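The attachment described above is a zip archive whose only payload is a Windows executable the recipient is tricked into running. A mail gateway or a cautious reader can flag that pattern without executing anything, by looking at the member names and the first bytes of each member. The following is an added example, not code from Sophos or from the original post; the archive name "invoice copy.zip" comes from the post, but the member name "invoice copy.exe", the executable-extension list and the sample archives are constructed for illustration.

```python
import io
import zipfile

# Constructed list of extensions Windows will run directly from Explorer.
EXECUTABLE_EXTENSIONS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs"}


def is_pe_executable(head: bytes) -> bool:
    """Every Windows PE file begins with the DOS 'MZ' header."""
    return head[:2] == b"MZ"


def inspect_zip_attachment(zip_bytes: bytes) -> list:
    """Return [(member_name, [reasons])] for members that look executable.

    Only the first two bytes of each member are read, so a large or
    deliberately padded archive does not get decompressed in full.
    """
    findings = []
    try:
        with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
            for info in zf.infolist():
                if info.is_dir():
                    continue
                name = info.filename
                lower = name.lower()
                ext = "." + lower.rsplit(".", 1)[-1] if "." in lower else ""
                reasons = []
                if ext in EXECUTABLE_EXTENSIONS:
                    reasons.append(f"executable extension {ext}")
                # A double extension such as 'invoice.pdf.exe' is a classic lure.
                if len(lower.split(".")) > 2:
                    reasons.append("multiple extensions")
                with zf.open(info) as fh:
                    head = fh.read(2)
                if is_pe_executable(head):
                    reasons.append("PE (MZ) header")
                if reasons:
                    findings.append((name, reasons))
    except zipfile.BadZipFile:
        findings.append(("<archive>", ["not a valid zip file"]))
    return findings


def build_sample_zip(members: dict) -> bytes:
    """Constructed helper: build an in-memory zip from {name: bytes}."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, data in members.items():
            zf.writestr(name, data)
    return buf.getvalue()


# Constructed samples: a lure archive shaped like the one in the post
# (member name is an assumption) and a benign invoice for comparison.
LURE_ZIP = build_sample_zip({"invoice copy.exe": b"MZ" + b"\x00" * 62 + b"stub"})
BENIGN_ZIP = build_sample_zip({"invoice.pdf": b"%PDF-1.4\n%..."})

if __name__ == "__main__":
    for label, blob in (("lure", LURE_ZIP), ("benign", BENIGN_ZIP)):
        print(label, inspect_zip_attachment(blob) or "clean")
```

Both checks matter: the extension check catches renamed or double-extension lures, while the MZ check catches an executable hiding behind a harmless-looking name. Neither replaces an up-to-date anti-malware engine, but either is enough to quarantine an "invoice" that is really a program.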
Right after I viewed this post earlier today, I checked my email and lo and behold… I got the EXACT same message from Tiffany's. I would have known it was malware without having read your post, but still, I had a chuckle knowing that I'm in the clear because you keep me up to date on all the malicious campaigns out there. Thanks, Graham!
Fantastic!
Happy to have helped. 🙂
How does it do its nasty work? Exploiting a buffer-overrun fault in whatever Windows uses for opening zip files?
Are fully-updated Windows installations vulnerable? (Sorry, don't think you said Windows is the target, but most of us will make that assumption.)
It’s Windows-only. The user unzips the attachment and runs the executable contained within.
Not very sophisticated, but then social engineering-based attacks like this don’t need to be complex to successfully infect users’ systems.