Attachments are password protected to escape gateway scanners

Oct 26, 2009 11:49 GMT

A new spam run is tricking people into opening an infected file by passing it off as a contract of settlements. The attachment is password-protected in order to bypass email scanners, and the language used lends credibility to the spam.

The fake emails have a subject of "Contract of Settlements" and claim to be sent from an organization called LSM Company. "Greetings. We have prepared a contract and added the paragraphs that you wanted to see in it. Our lawyers made alterations on the last page. If you agree all the provisions we are ready to make the payment on Friday for the first consignment. We are enclosing the file with prepared contract," the contained message reads.

Unlike the average spam e-mail, this one is spelled properly and its wording sounds professional. The attached file is called contract_1.zip and is a password-protected archive. The password is provided inside the message body, and unpacking the .zip reveals a computer Trojan installer.
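A gateway cannot scan the encrypted payload, but it can still read the archive's metadata. The following is an added example, not code from the article or from any vendor it names: it flags ZIP attachments whose entries are marked encrypted, carry an executable name, and arrive with a body that mentions a password. The extension list, the finding names and the sample archive are assumptions constructed for illustration.

```python
import io
import re
import zipfile

# Assumed policy list of extensions treated as executable content.
EXECUTABLE_EXT = (".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".js", ".vbs")
PASSWORD_HINT = re.compile(r"\bpass(?:word|code)\b", re.IGNORECASE)


def inspect_attachment(zip_bytes, body_text):
    """Return policy findings for one ZIP attachment and its message body."""
    findings = []
    try:
        archive = zipfile.ZipFile(io.BytesIO(zip_bytes))
    except zipfile.BadZipFile:
        return ["unparseable-archive"]
    with archive:
        entries = archive.infolist()
    # Bit 0 of the general purpose flag marks an entry as encrypted.
    encrypted = [e for e in entries if e.flag_bits & 0x1]
    if encrypted:
        findings.append("encrypted-entries")
        # Traditional ZIP encryption leaves entry names readable.
        if any(e.filename.lower().endswith(EXECUTABLE_EXT) for e in encrypted):
            findings.append("encrypted-executable")
        if PASSWORD_HINT.search(body_text):
            findings.append("password-in-body")
    return findings


def build_sample(name, mark_encrypted):
    """Constructed sample: a harmless ZIP whose headers may claim encryption."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(name, b"harmless placeholder content")
    raw = bytearray(buf.getvalue())
    if mark_encrypted:
        raw[6] |= 0x01                   # flag field of the local file header
        cd = raw.find(b"PK\x01\x02")     # start of the central directory entry
        raw[cd + 8] |= 0x01              # flag field of the central directory
    return bytes(raw)
```

The sample only sets the encryption flag on unencrypted data, which is enough here because the check reads headers and never the payload.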

"The danger is that some people will feel so curious about an unsolicited contract materialising in their inbox that they'll enter the password to decrypt the file, open the file contained within and end up infecting their PC," Graham Cluley, senior technology consultant at Sophos, explains. He also points out that this spam is highly similar to one that was distributed back in November 2008.

Running the executable file, detected by Sophos as Troj/Agent-LNW, will result in more malware being installed on the computer. Maydalene Salvador, anti-spam research engineer at Trend Micro, points out that this Trojan connects to a third-party server from which it downloads a scareware application detected as TROJ_FAKEAV.BQN. "As usual, users are advised to refrain from opening any suspicious-looking emails," he notes.

This new malware distribution campaign is consistent with the latest reports from security vendors, which claim that the number of infected emails is on the rise. According to Symantec, in September the prevalence of this type of spam increased nine times over August and at one point accounted for 4.5% of all junk emails.