Utah-based Avinti warned Friday that the e-mail looks to be a step up in the hacker arsenal because it is addressed to the target by name and claims to have an invoice from a legitimate company, but in fact it contains a hidden Trojan.
The company said the latest wave of e-mail comes disguised as an electronic invoice from Beckman Coulter, a company that makes industrial test equipment. It could, however, just as easily come from a more consumer-oriented company.
While phishing scams using official-looking bank or retailer pages are not new, this malware doesn't ask for account information. Instead it launches an embedded .exe file when an icon in the document -- titled proforma_invoice.doc -- is clicked. The program then monitors Web site visits and captures data and keystrokes.
Avinti Chief Technical Officer Dave Green said the program appears able to receive commands from the outside, and that it escaped detection by many of the anti-virus programs Avinti used in its tests.
"The level of sophistication of the e-mail itself, the fact that the virus is well hidden to avoid detection, and the spoofing of a business transaction from a very reputable and well-known corporation ... indicate the frightening direction in which hackers are moving," Green said.