Establishing Digital Trust: Don't Sacrifice Security for Convenience
"We have been sent a sample of your blood analysis for further research," the e-mails state. "During the complete blood count (CBC) we have revealed that white blood cells is very low, and unfortunately we have a suspicion of a cancer. ... We suggest you to print out your CBC test results and interpretations in attachment below and visit your family doctor as soon as possible."
The attachment is a ZIP file containing an executable with a PDF icon. The executable takes control of the victim's PC, then steals browser cookies and Outlook passwords, and uploads the data to a remote server. "This is all very common behavior for the ZeuS family of malware which is still very common in today’s attacks," writes AppRiver's Fred Touchette.
"A spam e-mail purporting to come from NICE is being sent to members of the public regarding cancer test results," NICE chief executive Sir Andrew Dillon said in a statement. "This e-mail is likely to cause distress to recipients since it advises that ‘test results' indicate they may have cancer. This malicious e-mail is not from NICE and we are currently investigating its origin. We take this matter very seriously and have reported it to the police."