New malware attack through email notifications
By Jake Widman
Wednesday, 18 November 2009 00:37
The message claims that the recipient's mailbox has seen some "unusual activity" and has therefore been deactivated.
The recipient is instructed to "extract and run the attached mailbox utility" to restore access. The attachment is named utility.zip.
The "utility" is in reality the Mal/EncPk-LP Trojan.
The insidious aspect of this attack -- and the factor that may make it more likely the recipient will do as instructed -- is that the message appears to come from the recipient's domain.
"For instance, if your email address was john.smith@example.com the emails would pretend to be from notifications@example.com," warns Cluley.
"We've seen this trick before," he writes. "But the reason why it is still being used is because it works."
Please enable JavaScript in your browser to post your comment!



