Fall is in the air, it is finally starting to cool off and football is back in full swing. In fact it looks like it is time for the “Annual Fall Fling” or at least malware distributors would have you believe it is. Today we began seeing another recycled social engineering tactic attempting to reach your inbox. As Cybercrooks have done many times in the past they have again crafted a mass email that poses as an “Evite” to fool you into clicking on the attachment and thus infecting your PC.
The message appears from any one of [possibly thousands] of senders, as the names were different in every sample I pulled. As usual there is a zipped file attached which contains a file named Eviteinvitation.exe, which if clicked will install a variant of a Trojan Horse.
Here is a look at the message:
These have been coming in droves and are showing no signs of letting up soon. If you are an AppRiver customer then you can rest assured that we are blocking all known variants of this virus campaign. Although the technique of using a fake evite invitation may be old hat, I do expect these messages to result in a fairly high success rate for the attackers. As of 4pm today, only 4 of 43 (or 9.3%) of the major AV providers were able to identify this threat.