The maliciouus payloads these emails are carrying are often not initially detected by AV solutions, and as the volumes of these campaigns are small, and the contents of the emails are so similar to those of typical business emails (quotations, payments, orders, supply, etc.), network behavior detection, reputation evaluation and antispam rules often fail to recognize the emails as malicious spam.
The malicious attachments are more often than not Zeus variants, and they usually take the form of archive files (ZIP, RAR, etc.), and most often pose as scans of a document.
It's hard to say what users can do to keep safe from these attacks. The emails are unsolicited but that is not at all unusual when someone wants to do business with a company.
The emails purportedly come from individuals from all over the world, so grammatical and language errors are not as suspect as if they were found in an formal / template email from a well-known company or service.
Checking the attached file with VirusTotal or their own AV solution can provide a false sense of security as at the beginning the files are not detected as carrying malware.
It seems that, in cases such as these, other, more complex solutions are required to keep safe - solutions that analyze and discover suspicious patterns in the content body, message attributes, embedded links, and more.
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.