UK employees targeted with fake policy violation emails

A new cyber-crime attack has been tricking SMB employees in the UK into downloading Trojans by accusing them of violating company policy.

The spam wave started to accelerate last week, with unusual .ARJ compressed attachments infecting British computers. Of particular interest to the cyber-criminals who crafted the attack are British companies that supply military clothing or other products to the defence and security industry.

The malware attack is based on Zbot (Zeus), which includes a password-stealing component that harvests banking and financial usernames and passwords as well as email and FTP credentials. To avoid suspicion, the malware is delivered via a malicious email and opens a clean .rtf document describing the disciplinary programmes and measures that companies take in case of policy violation.

Without the victims’ knowledge, the malware then tries to connect the computer to several Zbot-infected websites registered on German, Brazilian or French domains. Victims are then connected to the command and control centre, from which the attackers can issue further instructions to the infected computers, such as downloading additional malware.

“ARJ-compressed files used to distribute malicious attachments are just starting to become popular and many zip file software programs can easily open them,” states Adrian Miron, AntiSpam Researcher at Bitdefender. “Because the compression system is rarely used, spammers may very well think of it as a new method to avoid being detected by traditional security software or email filters.”
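The evasion described above works because filters keyed on extension or declared MIME type never look at the bytes. The following is an added example (not Bitdefender's code or anything from the original article) of a mail-gateway check that identifies archive attachments by their magic bytes, quarantining ARJ outright and flagging archives whose real format does not match their extension. The sample message, filenames and the ARJ header ID (0x60 0xEA) are constructed for the example.

```python
import email
from email import policy
from email.message import EmailMessage
from typing import Optional

# Archive signatures at offset 0. ARJ's header ID is 0x60 0xEA; the rest are
# the archive formats a business mail gateway normally expects to see.
ARCHIVE_MAGIC = {
    b"\x60\xea": "arj",
    b"PK\x03\x04": "zip",
    b"Rar!\x1a\x07": "rar",
    b"7z\xbc\xaf\x27\x1c": "7z",
}

# Formats that are almost never legitimate in inbound business mail (policy choice).
UNCOMMON_ARCHIVES = {"arj"}


def identify_archive(data: bytes) -> Optional[str]:
    """Return the archive format implied by the leading bytes, or None."""
    for magic, name in ARCHIVE_MAGIC.items():
        if data.startswith(magic):
            return name
    return None


def scan_message(raw: bytes) -> list:
    """Inspect every attachment by content, not by its claimed name or type."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        payload = part.get_payload(decode=True) or b""
        filename = part.get_filename() or ""
        ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
        kind = identify_archive(payload)
        verdict, reason = "allow", ""
        if kind in UNCOMMON_ARCHIVES:
            verdict, reason = "quarantine", f"uncommon archive format: {kind}"
        elif kind and ext != kind:
            verdict, reason = "quarantine", f"{kind} archive disguised as .{ext}"
        findings.append({"filename": filename, "format": kind,
                         "verdict": verdict, "reason": reason})
    return findings


def build_sample() -> bytes:
    """Constructed message mimicking the lure: an ARJ payload plus an RTF decoy."""
    msg = EmailMessage()
    msg["Subject"] = "Notice of company policy violation"  # constructed subject
    msg.set_content("Please review the attached disciplinary notice.")
    msg.add_attachment(b"\x60\xea" + b"\x00" * 30, maintype="application",
                       subtype="octet-stream", filename="Policy_Violation.arj")
    msg.add_attachment(b"{\\rtf1 Disciplinary procedure}", maintype="application",
                       subtype="rtf", filename="Disciplinary_Procedure.rtf")
    return msg.as_bytes()
```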

“The malicious messages use social engineering techniques to persuade victims to open .ARJ attachments,” adds Catalin Cosoi, Chief Security Strategist at Bitdefender. “At the beginning of this month, the UK Police issued a warning regarding similar emails that also contained .ARJ-wrapped malware. A British student has also reported that spammers have used her number in the campaign and she kept receiving multiple calls, all asking for Howard.”

To help British employees steer clear of dangerous email attachments, Bitdefender’s Catalin Cosoi offers his top five tips for protecting against malicious attachments:

  • Do not trust email attachments, even if they are not executable files. To better hide malicious code, scammers often make them look like PDFs, Word documents, JPG images or other file types.
  • Avoid opening attachments even when they seem to come from reputable institutions. A malware infection is a click away even after opening a simple HTML file.
  • Don’t fall for e-mail subject lines meant to trick you or pique your curiosity. There is no reason to receive an unpaid bill or airplane tickets by e-mail by accident, and you probably haven’t won the Microsoft Lottery!
  • Keep your security solution updated on all internet-connected devices and be careful with the private data you store.
  • A simple search online should tell you if a message is fake. In most cases, scammers reuse the same lures, and industry blogs cover e-threat topics on a regular basis.