Malware distribution campaign uses legal threats

SECURITY RESEARCHERS warn that an email-based malware distribution campaign is threatening users with lawsuits in order to trick them into opening malicious attachments.

In an attempt to gain credibility the rogue emails purport to originate from the Investment Company Institute (ICI), the national association of US investment companies.

The spam emails bear various subjects, most of them threatening in nature, such as, "We are going to sue you", "FW: This is a final warning", "We've sent you a copy of a complaint" or "A message from our security service".

In an ironic twist, the spammers actually accuse targeted users of sending spam. The messages reads, "Your email is sending spam messages! If you don't stop sending spam, we will be impelled to sue you!"

The purpose of this threat is to convince users to open the attached file, which the spammers claim is a document detailing the problem. "We've attached a scanned copy of the document assembled by our security service to this letter," they write.

Opening the attachment is a very bad idea, as it contains a trojan downloader. "When the trojan triggers, it copies itself to the system path under the Startup folder and deletes itself," warn security researchers at Websense.

"Whenever you start the computer, the trojan will execute. This trojan can connect to remote servers and download malicious files," they explain.

These spam messages exploit the fact that users tend to lower their guard when panicked and unfortunately they can be very convincing. This technique has long been used by spammers and is the reason why users should verify the authenticity of official-looking messages by calling the corresponding organizations. µ