14 DAY TRIAL // Security experts warn of a new wave of emails carrying malicious attachments and posing as invoices from various companies. The subject of the rogue emails caries but is of the form "Re: Inter-company inv. from [company name]" or "Re: Corp. invoice from [company name]."
Beazer Homes, KPMG, Miltek, Kraft Foods, and Safeco are some of the companies named in the fake messages which read:
"Hi. Attached the inter-company invoice for the period January 2010 til December 2010. Thanks a lot for support setting up this process."
"Of course, the emails have not really been sent by the companies that are named in them, and the sender's address has been forged," warns Graham Cluley, senior technology consultant at antivirus vendor Sophos.
The attachments bear names like Inv._08.8_D7.zip, Corpinvoice_08.10_N47.zip, or Invoice_08.4_D6.zip and contain trojan installers.
Security vendors have reported a huge spike in the quantity of spam emails with malicious attachments since the beginning of August.
The trend suggests that cyber criminals have returned from their vacation and are trying to rebuild their botnets and make up for the lost time.
As always, running an up-to-date antivirus program is mandatory for users who wish to remain safe. In addition, all emails making such claims or similar ones should be verified with the corresponding organizations over the phone.
All emails carrying attachments should be treated with suspicion, even if they appear to originate from trusted sources. Services like VirusTotal can be used to scan the files with multiple antivirus engines and determine if they're dangerous or not.
"Remember, once malicious code has run on your computer, it's up to an unknown hacker what happens next. They can open a backdoor onto your computer to steal information, display fake anti-virus alerts, or compromise your PC to make it part of a botnet," the Sophos expert warns.