Only a few AV vendors detect the threat contained in these emails

Nov 24, 2011 19:31 GMT

A scam email that targets Dutch and English speakers greets its victims with the popular “Gruss Gott,” a shortened variant of “Es grüße dich Gott,” which means “May God bless you.”

That's about the only thing that's Catholic about these emails since the rest of the message only tries to lure the recipients into opening links which point to a malicious worm that spreads like a plague and opens doors for other bad elements.

The email's subject doesn't say much about what's actually in store for the unsuspecting victim: “Re: adviser  id: 7356847”, “Request id: 71066294”, “Bestel id 170-6513” and “Bestel N 841-5282” are just a few of the confusing subject lines that can be seen in inboxes.

“Gruss Gott, carmen. Your order has been accepted. Order id: 83435991. Terms of delivery and the date can be found with the auto-generated msword file located at: [LINK],” reads one of the messages provided by Mxlab.

“Gruss Gott, [email address] Thank you for the order. Id: 862446. Your credit card will be charged for 638 dollars. Information about the order and delivery located at: [LINK],” reads another variant.

Behind the innocent-looking link, a trojan identified by Microsoft as Worm:Win32/Gamarue.B silently waits to be downloaded.

Once it lands on a device, it starts creating files, directories and registry entries that make sure it can communicate with some shady IP addresses.

Unfortunately, at the time of writing, only 6 out of 43 security products detected the malevolent element, but hopefully others will update their databases to include the threat.

Internauts are advised to stay clear of any shady messages, even if they claim that certain amounts of money were withdrawn from their bank accounts. In most cases, these allegations are false, being designed to make the recipients rush to open the link without giving it a second thought.