Fake invoices in personalized emails deliver ransomware
Posted on 18.02.2013
When a business, social network or any other online service that you use or have signed up for sends you an email, they address you by the name you provided. This is one of the things that usually differentiates real email from spoofed malicious ones, but there are exceptions.

Spear-phishing emails are one, and the other is emails in which attackers extract likely names from the email address they send the message to, in the hopes of guessing the right one.

Avira's Sorin Mustaca recently received an email that falls in this latter category:

The email has purportedly been sent by German online shopping portal hse24.de and tried to convince him to open the attached file (allegedly the invoice for things he bought).

The email "contains in the body the first and last name taken probably from the email address, thus being very convincing for the unaware user," he pointed out. "The same formula is used to name the attachment – a zip archive with the name 'Rechnung .zip' / 'Invoice .zip'."

He also shared that the the ZIP file seemingly contains another ZIP file by another name, which in turn holds an executable created with Visual Studio containing the Reveton ransomware.

"This method of packing the malware is very clever, because very few security solutions on gateways and most certainly no local solution, scans on more than one layer recursively inside archives. Using this technique the cybercriminals ensured that the payload goes through the security checks on its route to the user’s inbox," he explained.


The evolution of backup and disaster recovery

Posted on 25 July 2014.  |  Amanda Strassle, IT Senior Director of Data Center Service Delivery at Seagate Technology, talks about enterprise backup issues, illustrates how the cloud shaping an IT department's approach to backup and disaster recovery, and more.

Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.

Daily digest

Receive a daily digest of the latest security news.


Mon, Jul 28th