Two More Versions of “Eviction Notification” Malware Emails Spotted

Beware of fake eviction notifications!

As expected, there are more than two versions of the “eviction notification” spam emails that are currently making the rounds.

The third variant spotted by Conrad Longmore of Dynamoo’s Blog carries the subject line “Eviction notification No8423.” Another version comes with the subject line “Notice to quit No8116.” The number and the name of the sender can vary from one email to another.

Except for the subject line and the name of the sender, the emails are similar. They both read something like this:

“Hereby you are notified that you have to move to another location from the currently occupied premises within the next three weeks. Please find the lawsuit details attached to this letter.

If you do not move within this period of time, we will have no other alternative than to have you physically removed from the property per order of the Judge. If we can be of any assistance to you during your relocation, please feel free to contact us any time.”

The file attached to the notifications is a piece of malware. Some antivirus engines detect it as a downloader, while others say it’s a fake antivirus.

Either way, users should be on the lookout for such emails to avoid ending up with an infected computer. If you’re a victim of this attack, update your antivirus and scan your computer.

Repeat the process after a virus definition database update in case the threat wasn’t detected at the time of the scan.

The cybercriminals responsible for sending out these emails keep replacing the malware with new variants to make sure they’re not detected by security solutions.

It appears to be an aggressive campaign, so chances are that you will stumble upon one of these emails in your inbox.


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s