Every once in a while, security researchers spot an email spam campaign so poorly thought out and executed that I have to wonder: “Who would fall far this?” But then I remember that a moment of distraction and/or simply curiosity sometimes makes people act irrationally.
A similar campaign has been recently spotted by Websense. It involves poorly written emails purportedly coming from well-established companies that threaten the potential victim with a lawsuit for sending out spam:
The attention grabbing subject line (“We are going to sue you”) is just one of the variations employed by this particular campaign. Other popular choices are “This is the final warning”, “Please stop sending spam messages-Â¦” and “A message from our security service.”
The attached ZIP file is not a text document, but an executable – a downloader Trojan that copies itself on the target’s computer, deletes the original file, and then proceeds to execute every time the machine is started. Needless to say, this opens the way for other malware to be downloaded and executed on the computer.