Beware of malicious “Internal ONLY” emails

Malware peddlers are once again trying to trick users into downloading malware by sending out fake emails impersonating domain administrators.

The email, with “Internal ONLY” in the subject line, prompts recipients to follow a link to an encrypted message:

“In an effort to make the message seem relevant to each recipient, the URL leading to the supposed file contains the domain used in the recipient’s email address. For example, if you have an email address in the format your-name@your-service-provider.com, the link in the malware email will be displayed as:
https:// your-service-provider.com/file/internal/EncryptedMessage,” Hoax-Slayer points out.

“This simple trick ensures that at least a few recipients will believe that the email is an official notification from an administrator at their Internet service provider and click the link without due forethought.”

In this case, the file towards which the link points is a .zip file containing a Trojan.

The same exact trick has been employed before by peddlers of the Upatre downloader Trojan, which has since then become the preferred way for scammers to deliver other malware on the victims’ computers.