[My colleague Josep Albors flagged this issue on the Ontinet blog a little earlier today. I've flagged it here as it's likely that there are similar messages carrying the same malware circulating in languages other than Spanish. Mistakes in translation and interpretation are mine!]
In the last few hours we have been receiving a lot of messages that are spoofed so that they appear to have been sent by the MoviStar (formerly Telefónica) company [the largest cellular operator in Spain and one of the largest in Latin America]. The mail masquerades as a response to a supposed complaint about invoices, indicating the amount to be paid and a compressed file that's supposed to contain the invoice. An example:
Recipients are likely to be surprised at getting mail like this. If they choose to open the attachment, they'll get another unpleasant surprise in the form of Trojan both ESET Smart Security and ESET NOD32 antivirus detected as Win32/Kryptik.EZN, as shown here:
This is a cute example of social engineering by trying to trick the recipient with the promise of an unexpected profit from a complaint to MoviStar that he didn't make. In recent days we have similar cases with emails appearing to come from BBVA and the Bank of Spain, but carrying a similar message.
Given the current economic crisis, it is not surprising that malware authors attempt to spread their malware by appealing to the pockets of users. Spam and scams along these lines are very common, and by no means restricted to Spanish speakers.
The technical Department of ESET's Ontinet.com recommends that users ignore and delete this type of post from their Inboxes entry and ensure that they have an antivirus installed that offers proactive protection against them.
David Harley CITP FBCS CISSP
ESET Research Fellow
ESET Threatblog (TinyURL with preview enabled): http://preview.tinyurl.com/esetblog
ESET Threatblog notifications on Twitter:
ESET White Papers Page: http://www.eset.com/download/whitepapers.php
Securing Our eCity community initiative: http://www.securingourecity.org/
Also blogging at: