Inter-company invoice emails carry malware

Have you received an unexpected “inter-company invoice” from a company for the period January 2010 – December 2010?

If so, chances are that your computer is being targeted by cybercriminals who are using the disguise as a method to infect your computer with a Trojan horse.

Companies such as Beazer Homes, KPMG, Miltek, Kraft Foods, and Safeco are named in different incarnations of the malware campaign, that is designed to trick you into opening the attached ZIP file.

Even if you haven’t done business with the company referenced in the email, you might be tempted to open the attachment (which have names like Inv._08.8_D7.zip, Corpinvoice_08.10_N47.zip, and Invoice_08.4_D6.zip) out of curiousity.

Of course, the emails have not really been sent by the companies that are named in them, and the sender’s address has been forged.

Sophos products intercept the malware as the…

Read more in my article on the Naked Security website.

Found this article interesting? Follow Graham Cluley on Twitter or Mastodon to read more of the exclusive content we post.

Graham Cluley •   @gcluley

Graham Cluley is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s when he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows. Now an independent security analyst, he regularly makes media appearances and is an international public speaker on the topic of computer security, hackers, and online privacy. Follow him on Twitter at @gcluley, on Mastodon at @[email protected], or drop him an email.