The security researchers at ESET have a good write-up on the Nemucod Trojan horse, which is being aggressively spammed out as a ZIP file attachment in order to infect computers with the Teslacrypt ransomware.
The emails have a range of disguises, but typically pose as a demand from a company that you pay an unpaid invoice.
What the criminals are hoping is that you will be so outraged at the thought a company is demanding money for something you never ordered that you will unarchive the attached ZIP file without thinking, and open its contents to learn more.
Nasty stuff without a doubt.
But what amused me was that the malware spreaders made a mistake – albeit one that probably many potential victims will fail to spot, blinded by the cunning social engineering of an unpaid invoice disguise.
Take a look at the email again.
The bad guys have clearly built a template to allow them to quickly adopt different disguises for their malware attack, and in this particular case intended for a random debt to be displayed. But clearly one of the criminals made a finger fumble when coding this particular campaign, as their attempt to display a random number of cents (between 10 and 99 cents) failed to work properly!
It’s just a tiny clue that might make some people pause to think before opening the attachment. But the truth is that you cannot rely upon attackers to make elementary mistakes like this all the time.
It’s much better to run up-to-date security software, and always be on your guard over unsolicited email attachments. A little training in the ways in which malware can infect your computer can go a long way to protecting yourself against threats like this.
Being clued up about the dangers is an essential layer of your defence, as the current wave of malware-laden invoices is being rapidly adjusted by the attackers in an attempt to evade detection by anti-virus software.
Be sure to read ESET’s blog post to learn more about the threat.