IDG News Service - If you get an email message telling you a hotel has erroneously charged your credit card account, be careful. The odds are that it's part of a new spam campaign that could infect your computer.
The messages started popping up in recent days and there are already hundreds of variants on the same theme: A hotel wrongly charged a credit card number and the victim is supposed to fill out an attached form to process the refund.
"Please see the attached form. You need to fill it out and contact your bank for return of funds," read one such message, titled "Hotel Breakers Palm Beach made wrong transaction."
The 'refund' form is actually a malicious Trojan horse program that installs fake antivirus software on the victim's computer, according to Gary Warner, director of research in computer forensics at the University of Alabama at Birmingham, who blogged about the spam messages Wednesday.
His group, which maintains a massive real-time database of spam messages, has received more than 800 copies of the spam. That's not a lot of messages, but the campaign is still new.
The messages seem to be coming from the same botnet of infected computers that recently sent out similar messages warning victims that their credit card payments were overdue. Those messages led to the fake antivirus downloads too, Warner wrote in his blog post.
It's standard operating procedure for spammers to alter their messages now and then to trick new victims.
But any unsolicited message that includes an attachment should always be treated as suspicious.
Fake antivirus software is a major annoyance. It points out bogus security problems on a victim's computer and keeps pestering them until they pay out money -- usually between $40 and $120 -- to buy the fraudulent antivirus product.
Consumers who aren't sure whether these messages are legitimate should use Google to find the company's website and then call them, security experts advise.
And while many antivirus products will detect the malicious attachments used in this latest spam, the criminals change their malicious software so frequently that it's hard for the security companies to keep up. As of late Wednesday, only 19 out of 43 antivirus products used by the VirusTotal website detected this latest Trojan program.
- 15 Non-Certified IT Skills Growing in Demand
- How 19 Tech Titans Target Healthcare
- Twitter Suffering From Growing Pains (and Facebook Comparisons)
- Agile Comes to Data Integration
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- The Threat Landscape Hardly a day goes by without the discovery of a new cyberthreat somewhere in the world! But how do you keep up with...
- Security for Virtualization In the rush to implement virtualization, security has become second. So while the business benefits are clear, the risks are less well documented...
- Mobile Policy Checklist Here's what to consider when putting together a mobile policy designed to support a highly productive workforce.
- Mobile Applications Case Study: 8 Billion Transactions a Day The story documents how the online brokerage company tradeMONSTER created a custom mobile app and the success gleaned from this initiative. Also covered...
- Mobile Apps and Devices Slash Customer Cycle Time Consolidated Engineering Laboratories' field employees used to collect data on triplicate forms that were sometimes hard to read and difficult to manage. After...
- Cloud Knowledge Vault Learn how your organization can benefit from the scalability, flexibility, and performance that the cloud offers through the short videos and other resources... All Malware and Vulnerabilities White Papers | Webcasts