September 20, 2011

"We are going to sue you" scare tactic used in malicious Emails

Xue Yang

"What do I do if my email account has been spamming to the outside? I just got an email warning me that I will be sued!" 

Don't worry just yet. When spam cannot lure you, then they will try to scare you! Here is a spam social engineered to trick to you into launching malware. 

Websense® ThreatSeeker® Network has detected that an email campaign broke out on 19th September, 2011. In this campaign, emails are spoofed to appear as though they are sent from established companies. The emails even formally claims that legal action will be taken because of the spam you have sent. These emails with the fake warning even attach a ZIP file that contains a scanned copy of a document that is supposed evidence of your spam. 

Websense protects against these kinds of blended threats with ACE, our Advanced Classification Engine

One example of the spam email: 


The spam outbreak uses several alerting subject headings to attract readers' attention. The ZIP file is actually an EXE file disguised as a document after decompression. It's a kind of Trojan.Downloader virus confirmed by VirusTotal. When the trojan triggers, it copies itself to the system path under the Startup folder and deletes itself. Whenever you start the computer, the trojan will execute. This trojan can connect to remote servers and download malicious files.   

Here are some emails we received that have the malicious ZIP file attached:   


This campaign could potentially contain other variants of the trojan as attachments, however we will continue to monitor it!

About Forcepoint

Forcepoint is the leading user and data protection cybersecurity company, entrusted to safeguard organizations while driving digital transformation and growth. Our solutions adapt in real-time to how people interact with data, providing secure access while enabling employees to create value.