This morning our support team received a suspicious email for investigation. Its subject was “***.com account notification” and it carried a compressed ZIP attachment named “Instructions.zip”. Users should NOT open or execute this file, as it is a Trojan. Delete the email immediately if you receive it.
The email is not sent on behalf of any specific company; it is sent from a random spoofed email address on an infected machine, probably part of a botnet. The subject of the email is: “***.be account notification”, where *** represents the domain name of the intended recipient.
The content of the email is as follows:
This e-mail was send by domain.com to notify you that we have temporanly prevented access to your account.
We have reasons to believe that your account may have been accessed by someone else. Please run attached file and Follow instructions
- The attached file “Instructions.zip” contains a 32 kB file named “Instructions.exe” once extracted.
- The EXE file is a Trojan detected as Trojan.Downloader.Kobcka.S (F-Secure), W32/Trojan2.MGAA (F-Prot) or a variant of Win32/Wigon.NT (NOD).
If you receive this email, add it to your junk email/spam list, delete it and empty your deleted items.
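For mail administrators, the two traits described above (a subject built from the recipient's own domain, and a ZIP attachment holding an executable) can be checked at the gateway. The following is an added example, not code from this post: the function names, the list of executable extensions and the example.com sample message are assumptions, and the sample archive holds harmless text rather than a program.

```python
import io
import re
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Extensions treated as executable inside an archive (assumed list, extend as needed).
EXEC_EXT = (".exe", ".scr", ".pif", ".com", ".bat", ".cmd")
SUBJECT_RE = re.compile(r"^\s*(?P<domain>[\w.-]+\.[a-z]{2,})\s+account notification\s*$", re.I)

def recipient_domains(msg):
    """Lower-cased domains of every To/Cc address in the message."""
    return {a.domain.lower() for h in ("to", "cc") for v in msg.get_all(h, []) for a in v.addresses}

def executable_members(zip_bytes):
    """Names of executable files in a ZIP, read from its directory without extracting."""
    try:
        with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
            return [n for n in zf.namelist() if n.lower().endswith(EXEC_EXT)]
    except zipfile.BadZipFile:
        return []  # not a readable ZIP: nothing to report from this check

def inspect(raw):
    """Return a list of findings for one raw RFC 5322 message."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = []
    m = SUBJECT_RE.match(msg.get("subject", ""))
    if m and m.group("domain").lower() in recipient_domains(msg):
        findings.append("subject names the recipient's own domain")
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        if name.lower().endswith(".zip"):
            for member in executable_members(part.get_payload(decode=True)):
                findings.append(f"{name} contains executable {member}")
    return findings

def build_sample():
    """Constructed sample message: placeholder text stored under an .exe name."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Instructions.exe", b"constructed placeholder, not a program")
    msg = EmailMessage()
    msg["To"] = "user@example.com"
    msg["Subject"] = "example.com account notification"
    msg.set_content("Please run attached file and Follow instructions")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip", filename="Instructions.zip")
    return msg.as_bytes()

if __name__ == "__main__":
    print(inspect(build_sample()))
```

Either finding alone is worth quarantining for review; an executable inside an archive does not depend on the subject wording, so it also catches reworded variants of the same lure.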
As updates concerning the origins of this attack become available, we will post them here.