Fake notifications are used to distribute the ZeuS Trojan

Oct 19, 2013 15:06 GMT

Expecting some lab results from Allergan Limited? If so, you should beware of fake emails used by cybercriminals to distribute a piece of malware that’s designed to steal sensitive information from infected computers.

According to researchers from Trend Micro, the fake Allergan emails are entitled “Medical Laboratory Results: MEFHNAO796MEFHNAO791” and they inform recipients of the following:

“Further to our telephone conversation, please find details attached in response to your medical information inquiry. I have been advised that you can contact them and they should be able to assist you.”

The attachment is actually a malicious file that’s designed to exploit a Microsoft Office vulnerability in order to drop and execute a backdoor (BKDR_LIFTOH.AD). This backdoor downloads a variant of the information-stealing Trojan known as ZeuS.

Experts note that it’s uncommon for the BKDR_LIFTOH malware to be distributed via spam. It usually propagates via social networking websites and instant messaging platforms.

Another similar campaign uses fake Estates Industry PVT emails to distribute malware. The notifications are entitled “Order Acknowledgement” and they read: “We acknowledge & confirm your order for [product], as follows: Find herewith the attached order invoice.”

Another variant appears to come from DENSO Manufacturing UK and it purports to represent an “invoice document” for a purchase order.

All these campaigns appear to be aimed at users from the United Kingdom.

If you haven’t done business with any of these companies, you should automatically assume that the emails are part of a scam. If you have done business with them, but you’re not expecting any invoices or order confirmations, contact the company directly and ask them if the email is legitimate before opening the attachment.

Photo Gallery (2 Images): Fake email used to distribute malware