The files redirect users to websites that contain obfuscated code

Feb 14, 2013 00:11 GMT

Security researchers from MX Lab have analyzed a spam campaign that uses fake intercompany invoices to convince users to open HTML files that redirect them to malicious websites.

It all starts with an email that purports to be an intercompany invoice from organizations such as Boyd Gaming Corp, AMR Corporation Corp, or WLC Corp.

The emails read something like: “Attached the intercompany inv. for the period July 2012 til Aug. 2012(Internet Explorer file). Thanks a lot for support setting up this process.”

When users open the HTML file attached to the notifications, they’re redirected to a .ru website that hosts obfuscated JavaScript.

“You can find out on Google that this is in fact a security risk in an old format from 2011 that somehow has been reactivated,” MX Lab experts explained.

They advise users never to open suspicious-looking HTML emails since they can lead to all sorts of nasty pieces of malware.