On Wednesday, experts warned users of bogus “urgent eviction notification” emails designed to trick them into installing malware. It appears there’s more than one version of these emails.
Conrad Longmore of Dynamoo’s Blog has spotted another variant that carries the subject line “Notice to quit.” It reads something like this:
“Hereby you are informed you have to quit the premises you hold until March, 21, 2014. f you stay in the currently occupied premises for a longer period of time, you will be assigned by court for forced eviction scheduled for April 5, 2014.
If court executives do not find you at home on the specified date, the court will disclaim any responsibility for safe keeping of your property left in the premises. Whether you fail to fulfill the requirements of the court you might be held liable to a fine equal to 100 minimum wage amounts.”
The file attached to these emails is named “Details_For_ Arrears_Document_ 29-01-2014_Copy_N5146.zip” and it hides a malicious executable.
At the time of writing, 23 of the 50 antivirus engines from VirusTotal can detect the threat. The malware could be a version of the Andromeda backdoor, a Trojan downloader or even a fake antivirus.
There are probably more versions of these spam emails, so be careful if you spot something similar in your inbox.
Longmore believes that this campaign is launched by the same group that’s behind the court notice spam run. In that case, there had been at least four different types of emails being sent out.
If you’re a victim of this attack, update your antivirus and scan your computer. You might want to repeat the process after a while just in case your security solution doesn’t detect the threat just yet.