Avira experts have investigated the massive spam campaign

Apr 30, 2013 13:14 GMT

Security researchers from Avira have identified a massive spam campaign aimed at Internet users in Germany. The campaign leverages the name and reputation of Apple and German supermarket chain Plus to trick users into installing malware on their computers.

The spam messages appear to be invoices for an item purchased at Apple or Plus. Recipients are urged to download the attached zip file that allegedly contains the invoice.

However, the archive hides a malicious .scr (Windows screensaver) file, which unleashes a Trojan identified by Avira as TR/Rogue.957311 and TR/Kazy.169263.1.

While such spam campaigns are not uncommon, there are some interesting aspects to this one.

For instance, the potential victim is addressed by his/her full name. In addition, the malicious archive that’s attached to the notifications also contains the victim’s full name.

The combination of full name and email address could come from a number of sources, including companies whose systems have been breached by hackers, such as LinkedIn, Last.fm or Evernote.

Furthermore, the attachment also contains the string “Dritte Mahnung,” which in German means “third reminder.”

Avira experts highlight the fact that this is a social engineering tactic because in Germany, companies usually send a “Dritte Mahnung” just before sending unpaid invoices to a lawyer.
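A mail-gateway style check for the traits described above, written as an added example and not taken from Avira or the original article: it flags a zip attachment that holds a screensaver or other executable member, carries the "Dritte Mahnung" string, or embeds the recipient's full name. It assumes those strings appear in the attachment's file name or in its member names; the function names, the extension list and the sample recipient are hypothetical.

```python
import io
import re
import zipfile

# Extensions Windows runs as programs; .scr is the one reported in this campaign.
EXECUTABLE_EXTS = (".scr", ".exe", ".pif", ".com")
LURE_STRINGS = ("dritte mahnung",)  # string the article reports in the attachment


def normalize(text):
    """Lowercase and turn separators (_ - . etc.) into single spaces."""
    return re.sub(r"[\W_]+", " ", text.lower()).strip()


def inspect_attachment(filename, data, recipient_name):
    """Return a sorted list of reasons the zip attachment matches the lure."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            members = zf.namelist()  # names only; nothing is extracted
    except zipfile.BadZipFile:
        return ["unreadable-archive"]
    reasons = set()
    # rstrip: Windows ignores trailing dots and spaces in file names
    if any(m.lower().rstrip(". ").endswith(EXECUTABLE_EXTS) for m in members):
        reasons.add("executable-member")
    names = [normalize(n) for n in [filename] + members]
    if any(lure in n for lure in LURE_STRINGS for n in names):
        reasons.add("lure-string")
    parts = normalize(recipient_name).split()
    if parts and any(all(p in n for p in parts) for n in names):
        reasons.add("recipient-name")
    return sorted(reasons)


def build_zip(member_name):
    """Build a constructed sample archive in memory (placeholder content)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(member_name, b"constructed placeholder bytes")
    return buf.getvalue()


if __name__ == "__main__":
    sample = build_zip("Rechnung Erika Mustermann.scr")  # constructed sample
    print(inspect_attachment("Dritte_Mahnung_Erika_Mustermann.zip",
                             sample, "Erika Mustermann"))
```

An attachment that returns all three reasons is a strong candidate for quarantine, since a legitimate invoice has no reason to ship as a screensaver file.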