Fake invoices in personalized emails deliver ransomware
Posted on 18.02.2013
When a business, social network or any other online service that you use or have signed up for sends you an email, they address you by the name you provided. This is one of the things that usually differentiates real email from spoofed malicious ones, but there are exceptions.

Spear-phishing emails are one, and the other is emails in which attackers extract likely names from the email address they send the message to, in the hopes of guessing the right one.

Avira's Sorin Mustaca recently received an email that falls in this latter category:

The email has purportedly been sent by German online shopping portal hse24.de and tried to convince him to open the attached file (allegedly the invoice for things he bought).

The email "contains in the body the first and last name taken probably from the email address, thus being very convincing for the unaware user," he pointed out. "The same formula is used to name the attachment Ė a zip archive with the name 'Rechnung .zip' / 'Invoice .zip'."

He also shared that the the ZIP file seemingly contains another ZIP file by another name, which in turn holds an executable created with Visual Studio containing the Reveton ransomware.

"This method of packing the malware is very clever, because very few security solutions on gateways and most certainly no local solution, scans on more than one layer recursively inside archives. Using this technique the cybercriminals ensured that the payload goes through the security checks on its route to the userís inbox," he explained.


How to keep your contactless payments secure

Posted on 19 September 2014.  |  Fraudsters can pickpocket a victimís financial data using low-cost electronics that can fit into a rucksack. Here are the top security threats you should be aware of if youíre using a RF-based card, along with our top safety tips to keep your payments secure.

Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.

Daily digest

Receive a daily digest of the latest security news.


Mon, Sep 22nd