– all you’ll contract is a malware infection

SophosLabs is seeing another widespread malicious spam attack being sent to email addresses around the world. The emails, which have a malware-infected attachment called, pretend to be a legal contract – however, opening the contents of the file could infect your Windows computer.

Malicious contract email

A typical email reads:

Subject: Permit for retirement

Sign up to our free newsletter.
Security news, advice, and tips.

Message body:

Good day,
We have prepared a contract and added the paragraphs that you wanted to see in it.
Our lawyers made alterations on the last page. If you agree with all the provisions we are ready to make the payment on Friday for the first consignment.
We are enclosing the file with the prepared contract.
If necessary, we can send it by fax.
Looking forward to your decision.

Attached file:

Like the other malicious spam attack I blogged about today, each email is signed-off by the name contained in the email’s from: header, albeit with an errant ” prefixing it. One can only assume that the superfluous quotation mark was a programming boo-boo by the hackers.

Other subject lines used in the attack include:

Permit for retirement
Contract of settlements
Record in debit of account
Your new labour contract
Loan contract
Open an account
Rent contract

Subject lines used in the spammed-out malware campaign

It’s interesting to see the cybercriminals use the non-American spelling “Labour” rather than “Labor”, which may give some clues as to where they learnt the English language. Mind you, it could just as easily be a red herring as to the emails’ origin.

Sophos detects the ZIP file as Troj/Invo-Zip and the malware contained within as Troj/Bredo-DL Trojan horse.

Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.