Cybercriminals are running spam campaigns designed to trick users into installing malware on their computers. A couple of interesting spam runs have been analyzed by Webroot’s Dancho Danchev.
The first campaign leverages bogus notifications entitled “Your Booking Reservation at Westminster Hotel.” The emails inform recipients that a hotel reservation has been made on their behalf.
Cybercriminals rely on the fact that users will rush to open the attachment to learn more details. In reality, the attachment is a new version of Trojan-PSW.Win32.Tepfer.
The threat connects to a command and control server that’s been used for Vodafone scams as well.
The second spam run identified by Danchev notifies potential victims that they’ve received an “export license and payment invoice.”
“Kindly open to see export License and payment invoice attached, meanwhile we sent the balance payment yesterday,” the messages read.
The emails carry a piece of malware that turns infected computers into a botnet zombie.
If you come across such emails, be sure to ignore them.