Malware Invoices & Viral Packages Flooding SMB Inboxes
0Overall Score

Many small businesses wrongly believe that they’re too insignificant to attract hackers and spend too little time on security but according to Secure Computing, since the beginning of July there are steady waves of mass-mailings hitting inboxes with fake invoices.

Click to enlarge

This includes fake UPS messages claiming that a package couldn’t be delivered and was returned, the user should print out the attached invoice – which in fact is the actual piece malware.

Just yesterday two different spoofs were on the loose, containing both the very same malware.

One in German language claiming to be an invoice from PayPal Europe and the other pretending to be from the US Custom Services.

And just today says Secure Computing, the next spam run brings in an invoice for a flight ticket. Victims are told they’ve bought an airplane ticket and their credit card was charged. The details and the flight ticket are attached – again this is malware.

Secure Computing says that users who fall prey to these common social-engineering tricks and install one of these nasties on their computer, actually install a ZBot spyware (aka ‘Wsnpoem’, aka ‘ntos.exe’). ZBot, depending on the actual variant, downloads an encrypted configuration file with further instructions from a Russian location and posts collected data back.