Breakfast malware at Tiffany's? Trojan horses spammed out widely

by Graham Cluley on May 22, 2013 | 4 Comments

Filed Under: Featured, Malware, Spam

Did you open your email inbox this morning to find an email like the following?

Malicious email

Kindly open to see export License and payment invoice attached, meanwhiole we sent the balance payment yesterday.
Please confirm if it has settled in your account or you can call if there is any problem.

Thanks
Karen parker

Whatever you do, don't open the file attached to the email.

Contained inside the file invoice copy.zip is a malicious Trojan horse, designed to compromise your computer.

Sophos products detect the malware proactively as Mal/BredoZp-B, but users of other vendors' products should check that their software is fully up-to-date and defending against the threat.

Tiffany & CoCuriously, samples of the malware campaign intecepted by SophosLabs claim to come from the world-famous jewellers Tiffany & Co.

This may be a deliberate ploy on the part of the criminals behind the attack to tempt more people into opening the attachment.

Of course, it's child's play to forge email header information, and there is no suggestion that the messages were really sent by Tiffany's. If anything, they are also victims of this campaign.

Little blue boxes from Tiffany & Co. are the stuff of dreams for many. Don't let an unexpected email delivery - apparently from the company - make you so giddy with an excitement that you end up with a computer nightmare.

Tags: , ,

You might like

Beware! Malicious Europcar invoice emails carry a Trojan horse Beware! Malicious Europcar invoice emails spread Trojan horse attack
Inter-company invoice emails carry malware Inter-company invoice emails carry malware
Image (1) western-union.gif for post 12098 Don't open that Western Union Transfer email
Email with the subject "Airmail Tracking number #8154506"?

4 Responses to Breakfast malware at Tiffany's? Trojan horses spammed out widely

  1. Karen · 652 days ago

    Right after I viewed this post earlier today, I checked my email and lo and behold... I got the EXACT same message from Tiffany's. I would have known it was malware without having read your post, but still, I had a chuckle knowing that I'm in the clear because you keep me up to date on all the malicious campaigns out there. Thanks, Graham!

    Reply
  2. njorl · 651 days ago

    How does it do its nasty work? Exploiting a buffer-overrun fault in whatever Windows uses for opening zip files?

    Are fully-updated Windows installations vulnerable? (Sorry, don't think you said Windows is the target, but most of us will make that assumption.)

    Reply
    • Graham Cluley · 641 days ago

      It's Windows-only. The user unzips the attachment and runs the executable contained within.

      Not very sophisticated, but then social engineering-based attacks like this don't need to be complex to successfully infect users systems.

      Reply

Leave a Reply

Fill in your details below or click an icon to log in:

Gravatar
WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Cancel

Connecting to %s

About the author

Graham Cluley runs his own award-winning computer security blog, and is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s. Now an independent security analyst, he regularly makes media appearances and gives computer security presentations. Send Graham an email, subscribe to his updates on Facebook, follow him on Twitter and App.net, and circle him on Google Plus for regular updates.