Meeting Reminders Deliver Malware
Sophos researchers identify the malicious attachments at Troj/Invo-Zip.
"The email is [sent] from the spoofed address 'LinkedIn <firstname.lastname@example.org>' or 'Files Tube <email@example.com>' and has the following body: 'Don’t forget this report for meeitng tomorrow. See attached file,'" MX Labs reports. "The attached ZIP file has the name Report.zip and contains the 83 kB large file Report_ALK_CON-39892-45.exe."
"Experts from Sophos ... highlight the fact that the typos can vary from one version to the other," writes Softpedia's Eduard Kovacs. "For instance, in some cases, 'meeting' is spelled 'meteing' and 'tomorrow' is spelled 'tomrorow.'"
"Recipients might think the typos are the result of someone writing too quickly, or fumbling on their BlackBerry, rather than an attempt to bypass a company's email gateway protection," writes Sophos' Graham Cluley. "The misspelling hasn't been enough to fool Sophos's products however, which correctly intercept the messages as spam and identifies the attached file as Troj/Invo-Zip."
"As a general word of caution, don't open attachments without first making sure they are what they claim to be," writes ZDNet's Emil Protalinski. "The best form of security is a vigilant end user."