Have you received an email out of the blue with no message body, but with a file called
<random number>_inv.html
attached?
Well, be on your guard – as you could be in the firing line for a new malware attack that has been widely spammed out around the world.
Here is just a small snapshot of the different subject lines we’ve intercepted at our global network of spam traps:
If you make the mistake of opening the attached HTML file your computer will be redirected to a fake anti-virus attack on a third party site. That means that you will begin to see bogus security warnings trying to trick you into handing over your credit card details, or to download further dangerous software to your computer.
Sophos’s products don’t have any problem intercepting the messages above as spam (and we’ll be detecting the attachment as Troj/JSRedir-CO shortly), as well as intercepting the webpage that the attack attempts to connect with and blocking the fake anti-virus which hides here.
But although our customers are protected – there’s still a challenge.
And that challenge is – how do we warn the public about attacks like this?
The email address that the malware is sent from changes each time, the subjects appear to be pretty randomly chosen – even the attached filename has a random component. And the message body is no use to us, from the awareness point of view, as there’s nothing to see.
This isn’t like the old days of worms like “Anna Kournikova” and “The Love Bug” which could be very easily described in terms that the average chap in the street would understand, so they would know what to look out for.
All we have is “look out for empty emails with an attachment which might end with _inv.html”
Ask yourself this – are your colleagues likely to find that memorable?
It’s a good job that security software don’t find it as hard as Joe Public to tell what’s a legitimate email, and which ones carry a malware danger.