IDG News Service - If you get an email message telling you a hotel has erroneously charged your credit card account, be careful. The odds are that it's part of a new spam campaign that could infect your computer.
The messages started popping up in recent days and there are already hundreds of variants on the same theme: A hotel wrongly charged a credit card number and the victim is supposed to fill out an attached form to process the refund.
"Please see the attached form. You need to fill it out and contact your bank for return of funds," read one such message, titled "Hotel Breakers Palm Beach made wrong transaction."
The 'refund' form is actually a malicious Trojan horse program that installs fake antivirus software on the victim's computer, according to Gary Warner, director of research in computer forensics at the University of Alabama at Birmingham, who blogged about the spam messages Wednesday.
His group, which maintains a massive real-time database of spam messages, has received more than 800 copies of the spam. That's not a lot of messages, but the campaign is still new.
The messages seem to be coming from the same botnet of infected computers that recently sent out similar messages warning victims that their credit card payments were overdue. Those messages led to the fake antivirus downloads too, Warner wrote in his blog post.
It's standard operating procedure for spammers to alter their messages now and then to trick new victims.
But any unsolicited message that includes an attachment should always be treated as suspicious.
Fake antivirus software is a major annoyance. It points out bogus security problems on a victim's computer and keeps pestering them until they pay out money -- usually between $40 and $120 -- to buy the fraudulent antivirus product.
Consumers who aren't sure whether these messages are legitimate should use Google to find the company's website and then call them, security experts advise.
And while many antivirus products will detect the malicious attachments used in this latest spam, the criminals change their malicious software so frequently that it's hard for the security companies to keep up. As of late Wednesday, only 19 out of 43 antivirus products used by the VirusTotal website detected this latest Trojan program.
Robert McMillan covers computer security and general technology breaking news for The IDG News Service. Follow Robert on Twitter at @bobmcmillan. Robert's email address is robert_mcmillan@idg.com
Free Insider GuideCopyright © 1994 - 2012 Computerworld Inc. All rights reserved. Reproduction in whole or in part in any form or medium without express written permission of Computerworld Inc. is prohibited. Computerworld and Computerworld.com and the respective logos are trademarks of International Data Group Inc.
