Hackers launch “Contract of Settlements” attack on inboxes

Graham Cluley
@gcluley

Cybercriminals have launched a widespread malicious spam attack today, aimed at tricking users into opening a malicious file.

The emails, which have the subject line “Contact of Settlements”, pretend to relate to a contract. Recipients are told that if they agree to the terms of the contract they should expect “payment on Friday for the first consignment”.

Greetings,
We have prepared a contract and added the paragraphs that you wanted to see in it.
Our lawyers made alterations on the last page. If you agree all the provisions we are ready to make the payment on Friday for the first consignment,
We are enclosing the file with prepared contract. Password: 345543

If necessary, we can send it by fax.
Looking forward to your dicision.

Attached to the emails is a password-protected ZIP file, contract_1.zip, which contains a malicious Trojan horse. Sophos is intercepting the emails…

Read more in my article on the Naked Security website.

Found this article interesting? Follow Graham Cluley on Twitter to read more of the exclusive content we post.


Graham Cluley is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s when he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows. Now an independent security analyst, he regularly makes media appearances and is an international public speaker on the topic of computer security, hackers, and online privacy. Follow him on Twitter at @gcluley, or drop him an email.