Cloudmark has been monitoring a new virus attack which started around 8:30AM Pacific time on Monday, November 16, 2009. With subject lines saying "payment request from" and mentioning a random, very large company, they're attention-getting and coming in huge quantities. As of 3PM Thursday, November 19, almost 2.5 million attempts have been made to deliver copies of this to customers protected by Cloudmark Desktop.
Some sample subject lines:
Subject: payment request from "DuPont"
Subject: payment request from "Converse"
Subject: payment request from "Mars Incorporated"
Subject: payment request from "Morgan Stanley"
Subject: payment request from "Big Lots"
The payloads for these messages have nothing to do with any of the companies mentioned, of course. Those companies are just innocent victims whose familiar names are called out to trick you into opening the email message. Instead, the attached ZIP files are intended to bring your computer under the control of someone else. Kaspersky is identifying the attachments as Trojan.Win32.Sasfis.vbw; Trend Micro calls them TROJ_AGENTT.WTRA.
Safe computing practices can protect you from being infected. Make sure your anti-virus and anti-malware programs, your operating system, and your other programs are up to date and take care to only open attachments from trusted correspondents (only
AFTER verifying that they intended to send you the attachment).