Criminals use bogus invoices to set virus trap - Update

by Carol~ Moderator - 5/3/12 10:25 AM

In Reply to: NEWS - May 03, 2012 by Carol~ Moderator

Criminals are currently sending out a large number of bogus order confirmations that are designed to make recipients open the attached malware. The attackers appear to be using stolen online store customer data to address email recipients by their real names.

The criminals pretend that the email recipient has placed an order worth several hundred euros at an online store. To make things difficult for spam filters, they vary the store names. According to emails obtained by The H's associates at heise Security, these recipients have allegedly shopped at sites including comstern.de, nierle.de and elektronikmax.de. The contact details in the email signature appear to be randomised; for example, the post code provided doesn't match the city in any of the cases.

Users who receive an order confirmation or invoice that they can't associate with a purchase should not open these file attachments under any circumstances. Unfortunately, virus scanners don't offer reliable protection in this case: when tested by heise Security, the rechnungsdaten.zip (containing rechnungsdaten.exe) attachment that is sent out in the current attack wave was only identified using its signature by 5 of a total of 42 anti-virus engines - about seven hours after it was sent. In this case, good behaviour monitoring is invaluable. The malware that is being used appears to be a variant of the ZeuS bot.

Continued : http://www.h-online.com/security/news/item/Criminals-use-bogus-invoices-to-set-virus-trap-Update-1567059.html