New malware attack through email notifications

Jake Widman
Wednesday, 18 November 2009 01:37

Business IT - Security

Security experts Sophos Labs reports a widespread Trojan attack being distributed through notifications of deactivated email mailboxes. The malware package is presented as a "mailbox utility."

As described on Sophos senior technology consultant Graham Cluley's blog, the malware comes as an attachment to an email notification with the subject line, "your mailbox has been deactivated."

The message claims that the recipient's mailbox has seen some "unusual activity" and has therefore been deactivated.

The recipient is instructed to "extract and run the attached mailbox utility" to restore access. The attachment is named utility.zip.

The "utility" is in reality the Mal/EncPk-LP Trojan.

The insidious aspect of this attack -- and the factor that may make it more likely the recipient will do as instructed -- is that the message appears to come from the recipient's domain.

"For instance, if your email address was This e-mail address is being protected from spambots. You need JavaScript enabled to view it the emails would pretend to be from This e-mail address is being protected from spambots. You need JavaScript enabled to view it ," warns Cluley.

"We've seen this trick before," he writes. "But the reason why it is still being used is because it works."