Malware Report: Watch Out for Fake Invoices

Tuesday, August 23, 2011 @ 12:08 PM gHale

There is a new wave of emails carrying malicious attachments and posing as invoices.

The subject of the rogue emails varies but is similar to: “Re: Inter-company inv. from [company name]” or “Re: Corp. invoice from [company name].” Beazer Homes, KPMG, Miltek, Kraft Foods, and Safeco are some of the companies named in the fake messages which read:
“Hi. Attached the inter-company invoice for the period January 2010 til December 2010. Thanks a lot for support setting up this process.”

“Of course, the emails have not really been sent by the companies that are named in them, and the sender’s address has been forged,” said Graham Cluley, senior technology consultant at antivirus vendor Sophos.

The attachments bear names like,, or and contain trojan installers.

Security vendors have reported a huge spike in the quantity of spam emails with malicious attachments since the beginning of August.

The trend suggests cyber criminals have returned from their vacation and are trying to rebuild their botnets and make up for lost time.

In a busy work environment, it is easy to just click on an attachment and move on, but any email making these or similar claims should be verified with the corresponding organization over the phone.

All emails carrying attachments should be under suspicion, even if they appear to originate from trusted sources. Services like VirusTotal can scan the files with multiple antivirus engines and determine if they’re dangerous or not.
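As an added illustration (not code from the article or from Sophos), a mail-triage check can flag messages whose subject matches the two shapes quoted above and that carry an attachment, then hash each attachment for lookup in a multi-engine scanning service. The function names, addresses, file name and payload bytes are constructed for the example.

```python
import hashlib
import re
from email import message_from_bytes, policy
from email.message import EmailMessage

# Subject shapes quoted in the article; the company name varies per message.
SUBJECT_RE = re.compile(
    r"^\s*Re:\s*(?:Inter-company inv\.|Corp\. invoice)\s+from\s+(?P<company>.+?)\s*$",
    re.IGNORECASE,
)

def triage(raw: bytes):
    """Return a finding for a raw message matching the campaign shape, else None."""
    msg = message_from_bytes(raw, policy=policy.default)
    match = SUBJECT_RE.match(str(msg.get("Subject", "")))
    if match is None:
        return None
    attachments = [
        {
            "filename": part.get_filename(),
            # Hash the decoded bytes so the file can be looked up in a
            # multi-engine scanner without anyone opening it.
            "sha256": hashlib.sha256(part.get_payload(decode=True) or b"").hexdigest(),
        }
        for part in msg.iter_attachments()
    ]
    if not attachments:
        return None  # subject matches but nothing attached: not this pattern
    return {
        "claimed_company": match.group("company"),
        "from_header": str(msg.get("From", "")),  # forgeable, kept for the analyst only
        "attachments": attachments,
    }

# Constructed sample data: placeholder bytes and names, not taken from the campaign.
SAMPLE_PAYLOAD = b"constructed placeholder attachment bytes"

def build_sample(subject: str, attach: bool = True) -> bytes:
    msg = EmailMessage()
    msg["From"] = "billing@example.com"
    msg["To"] = "accounts@example.org"
    msg["Subject"] = subject
    msg.set_content("Constructed body text.")
    if attach:
        msg.add_attachment(SAMPLE_PAYLOAD, maintype="application",
                           subtype="zip", filename="invoice_sample.zip")
    return msg.as_bytes()

if __name__ == "__main__":
    print(triage(build_sample("Re: Corp. invoice from Example Corp")))
```

Because the sender address is forged, the check keys on the subject shape and the presence of an attachment and never trusts the From header.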

“Remember, once malicious code has run on your computer, it’s up to an unknown hacker what happens next. They can open a backdoor onto your computer to steal information, display fake anti-virus alerts, or compromise your PC to make it part of a botnet,” Cluley said.
