Fake Emails with a Malicious Zip File Attached that Contains a Virus

We have noticed that cyber-criminals are sending out thousands of fake email messages with an attached Zip or other compressed file (a file whose name ends with '.zip', '.rar', '.gz', or '.cab') that contains a virus or a Trojan horse. The files are sent in a compressed or Zip format to help prevent antivirus software from detecting and deleting them. Any attempt by a recipient to open the malicious attachment will result in their computer getting infected with a virus, Trojan horse or some other computer malware.

The cyber-criminals behind the fake and malicious emails make them look convincing by using a technique called email spoofing, so that the emails look as if they were sent from a legitimate company, family member or friend.

Email spoofing allows someone to send an email message and make that message appear as if it came from someone else.

For example:

I can send an email message from my personal email account to my friend, and make the email message appear as if it was sent from “president@whitehouse.gov”. This can be easily done by just changing the "From" address of the email message. So, an email address appearing in the "From" line of a message does not mean that the message was sent by the owner of that address.

Because of this, unexpected email messages with a compressed or Zip file attached should never be opened, regardless of who they appear to have been sent from.
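
For mail administrators and responders, the two points above (a "From" line that proves nothing, and a payload hidden inside an archive) can be checked without opening anything. The following is an added example, not part of the original article: it parses a raw message, compares the "From" domain with the Return-Path domain, and lists the members of a Zip attachment. The `triage` and `constructed_sample` names, the `.example` addresses and the `RISKY_EXT` list are assumptions, and the sample message is constructed.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage
from email.utils import parseaddr

ARCHIVE_EXT = (".zip", ".rar", ".gz", ".cab")   # archive types named in the article
RISKY_EXT = (".exe", ".scr", ".js", ".vbs", ".wsf", ".bat")  # assumed, not exhaustive

def domain(header):  # lower-cased domain of a header's address, '' if absent
    return parseaddr(str(header or ""))[1].rpartition("@")[2].lower()

def triage(raw):
    """Return findings for one raw RFC 5322 message; nothing is extracted or run."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = []
    shown, envelope = domain(msg["From"]), domain(msg["Return-Path"])
    if envelope and shown != envelope:
        findings.append(f"From domain {shown} != Return-Path domain {envelope}")
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        if not name.endswith(ARCHIVE_EXT):
            continue
        findings.append(f"archive attachment {name}")
        if not name.endswith(".zip"):
            continue  # only Zip listings are read in this example
        try:
            members = zipfile.ZipFile(io.BytesIO(part.get_payload(decode=True))).namelist()
        except zipfile.BadZipFile:
            findings.append(f"{name} is not a readable zip")
            continue
        findings += [f"{name} contains {m}" for m in members
                     if m.lower().endswith(RISKY_EXT)]
    return findings

def constructed_sample():
    """Constructed test message; the '.exe' member is inert placeholder text."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("Scan_11293-pdf.exe", b"placeholder, not a program")
    msg = EmailMessage()
    msg["From"] = "Accounts <accounts@supplier.example>"
    msg["Return-Path"] = "<bounce@bulk-mailer.example>"
    msg.set_content("Please find attached PO.")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename="Scan_11293-pdf.zip")
    return msg.as_bytes()

print(triage(constructed_sample()))
```

A domain mismatch is a hint rather than proof, because legitimate mailing services also use a separate bounce domain; the executable inside the archive is the stronger signal.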

Also, click here for a list of email attachments that you should never open, regardless of who the email message appears to have been sent from.

Now, if you have received one of the fake email messages and have opened the malicious attachment, please do a full scan of your computer with the antivirus software installed on it. If you don’t have antivirus software installed on your computer, please click here for a list of free antivirus software.

Note: Some of the information in samples on this website may have been impersonated or spoofed.

Comments, Questions, Answers, or Reviews
Comments (Total: 27)

The comments, reviews or answers below do not necessarily reflect the views of Online Threat Alerts (OTA).

  • January 5, 2021 at 8:58 PM by an anonymous user from: Downtown Redmond, Redmond, Washington, United States

    What if the file was attempted to be opened on an iPhone?

    • January 5, 2021 at 9:38 PM by info

      The files are used to target Windows computers, not the Apple iOS that your iPhone uses; therefore, your phone will not get infected.

  • March 4, 2019 at 8:32 AM by info

    Here is another scam:

    "PO / New Order

    Mon 04/03/2019 09:24

    From: "Skylite Royal Group"

    To: Recipients

    Attachments1

    Please find attached PO copy for subject mentioned Order.

    Regards,

    Skylite Royal Group"

  • June 23, 2017 at 12:04 AM by info

    Here is another malicious email:

    "PO#1036-1

    Thu 22/06/2017 23:44

    From: Joselito

    To: undisclosed-recipients:

    -

    Good day.

    Kindly find the attached our Company official PO#1036-1 dated:22-06-2017 and please confirm on receipts.

    I will send the swift copy of payment once I received the message from our bank.

    Note: we will make PO for the item 29-34 once you confirm the availability. ( awaiting for your quotation.)

    Thanks’

    Joselito"

  • January 8, 2017 at 12:33 AM by an anonymous user from: Mesa, Arizona, United States

    Here's a couple we got over the holidays:

    FedEx Priority Solutions <bradley.byrd@walkingthemedicinewheel.com>

    To: [deleted]

    Parcel #00965297 shipment problem, please review

    Dear Customer,

    We can not deliver your parcel arrived at December 25.

    You can find more details in this e-mail attachment!

    With gratitude,

    Bradley Byrd,

    Office Clerk.

    Delivery-Receipt-00965[#].zip

    - - -

    USPS Ground Support <lee.cunningham@lassalinas.es>

    To: [deleted]

    Notification status of your delivery (USPS 0934#)

    Dear Customer,

    We can not deliver your parcel arrived at December 15.

    Please check the attachment for details!

    Yours sincerely,

    Lee Cunningham,

    USPS Senior Office Manager.

    Delivery-Receipt-0934[#].zip

  • September 29, 2016 at 10:05 AM by info

    Here is another malicious email message that should be deleted if received:

    "Subject: Temporarily blocked

    From: Kelly Conrad (Conrad.415@constructionlawseminars.com)

    Sent: Thu 9/29/16 9:02 AM

    Attachment: debit_card_37763763.zip (11.0 KB)

    Dear info,

    this is to inform you that your Debit Card is temporarily blocked as there were unknown transactions made today.

    We attached the scan of transactions. Please confirm whether you made these transactions.

    King regards,

    Kelly Conrad

    Technical Manager - Online Banking

    e-mail: Conrad.415@constructionlawseminars.com"

  • September 29, 2016 at 8:39 AM by info

    Here is another malicious email message:

    "From: Marcella Gibson (Gibson.533@pldt.net)

    Sent: Wed 9/28/16 9:19 PM

    Attachment: contract_scan_9727a6f53.zip (10.7 KB)

    Dear, thanks for working with us.

    We are sending the contract that we agreed on last week.

    Please read through the attachment and return us the scan of the signed contract.

    King regards,

    Marcella Gibson

    Managing Director

    e-mail: Gibson.533@pldt.net"

  • September 28, 2016 at 9:31 AM by info

    Here is another malicious email message:

    "From: Gregg Reeves (Reeves.57@wellchosenwords.biz)

    Sent: Wed 9/28/16 7:50 AM

    Attachment: proposal_form_2d3dc889.zip

    Dear,

    You are receiving this email because the company has assigned you as part of the approval team.

    Please review the attached proposal form and make your approval decision.

    If you have any problem regarding the submission, please contact Charmaine.

    Best regards,

    Gregg Reeves

    Head of Finance UKGI Planning"

  • September 25, 2016 at 9:45 AM by info

    Here is another malicious email:

    "From: Global Service Exchange <no_replay@idmsa-gsx-support.com>

    Subject: Your Apple ID has been locked for security reasons

    Date: Sun 9/25/16 7:36 AM

    Attachment: Case ID_1000531542.zip

    Your Apple ID has been locked for security reasons.

    Dear user,

    You must unlock your account before signing in please download attached file in email .

    Your Case ID: 1000531542

    Apple Support"

  • September 22, 2016 at 7:11 PM by info

    Here is another malicious email:

    "From: Corina Dunn (Dunn.168@avertex.com)

    Sent: Thu 9/22/16 5:25 PM

    Attachment: 34bbdfd04ad.zip (11.0 KB)

    Dear info, thank you very much for your order!

    Total amount of $354.57 was charged for your order #D-1732005.

    All the details are in the attachment. Delivery will arrive at 15:00 coming Monday."

  • September 22, 2016 at 7:42 AM by info

    Here is another malicious email:

    "From: Mona wilson-barkworth <Mona.wilson-barkworth041@irec.se>

    Subject: Receipt of payment

    Date: Wed 9/21/16 9:58 PM

    Attachment: Receipt.zip (7.8 KB)

    Good afternoon,

    Thank you for you call this afternoon.

    Please find attached your receipt of payment.

    If you need anything else please feel free to contact me on the details below.

    Kind regards.

    Mona wilson-barkworth

    Credit Controller

    IB GIBL Credit Control"

  • September 20, 2016 at 3:17 PM by info

    Here is another fake email with a malicious Zip attachment:

    "From: Luann Watson <Watson.5698@chairezcatering.com>

    Subject: Out of stock

    Date: Tue 9/20/16 2:39 PM

    Attachment:273c753ea5e1.zip (11.5 KB)

    Dear info, we are very sorry to inform you that the item you requested is out of stock.

    Here is the list of items similar to the ones you requested.

    Please take a look and let us know if you would like to substitute with any of them."

  • September 19, 2016 at 2:47 PM by info

    Here is another malicious email:

    "From: Melba Dawson (Dawson.83@chathome.ru)

    Sent: Mon 9/19/16 12:35 PM

    Attachment: 40b9d8e3b88.zip (13.2 KB)

    Dear info, we are currently processing the order #6758264-0902016 you made yesterday.

    Attached is the tracking number (b4f94278954715a5b 9107a100c24f5c0a85db d9b8bedb7daae82e44104f1).

    If you encounter any problem receiving it, please contact us promptly."

  • September 19, 2016 at 9:41 AM by info

    Here is another malicious email:

    "Dear info, we have sent your parcel by Express Parcel service.

    The attachment includes the date and time of the arrival and the lists of the items you ordered. Please check them.

    Thank you."

  • September 16, 2016 at 6:37 PM by info

    Another fake email with a malicious zip file:

    "From: Evangelina Lawson (Lawson.4890@florapdx.com)

    Sent: Fri 9/16/16 9:35 AM

    Attachments: 224033cd94ec.zip (9.8 KB)

    Dear info, as you inquired, here is the invoice from September 2016.

    Let me know whether it is the correct invoice number you needed or not."

  • September 14, 2016 at 11:14 AM by info

    Here is another malicious email message:

    "From: ship-confirm@sanfranphoto.com

    Sent: Wed 9/14/16 10:47 AM

    Attachments: Shipping Notification 00399431.zip

    PLEASE DO NOT REPLY TO THIS E-MAIL. IT IS A SYSTEM GENERATED MESSAGE.

    Attached is a pdf file containing items that have shipped

    Please contact us if there are any questions or further assistance we can provide"

  • September 13, 2016 at 9:25 PM by info

    Another malicious email:

    "From: Earline Wynn (Wynn.81@fhscomputerskills.org)

    Attachments: 47101decea0.zip (20.7 KB)

    Good day info, Freeman asked you to file the office equipment receipts.

    Here is the photocopying equipment receipts purchased last week.

    Please send him the complete file as soon as you finish.

    Best regards,

    Earline Wynn"

  • September 13, 2016 at 6:29 AM by info

    Here is another malicious email:

    "From: Mara Rosario (Rosario.9666@pigartgraphics.com)

    Sent: Mon 9/12/16 11:25 PM

    Attachments: c0cbd629cd.zip (22.9 KB)

    Dear customer,

    The bank has sent loan confirmation letter. Please review the amount of funds.

    Many thanks,

    Mara Rosario

    Personal Manager"

  • September 8, 2016 at 8:34 AM by info

    Here is another email with a virus attached:

    "[Vigor2820 Series] New voice mail message from 01465265636 on 2016/09/08 15:43:48

    voicemail@onlinethreatalerts.com Add to contacts

    Attachment: Message_from_01465265636.wav.zip

    Dear :

    There is a message for you from 01465265636, on 2016/09/08 15:43:48 .

    You might want to check it when you get a chance.Thanks!"

  • September 7, 2016 at 2:37 PM by info

    Here is another malicious email:

    "Subject: Invoice #ad5b7-2016

    From: Patrica Higgins (Higgins.130@commutertisements.com)

    Sent: Wed 9/07/16 1:20 PM

    Click for Options

    6bddc7fedcf.zip

    Download as zipSave to OneDrive

    Dear info, we have attached the debt payment invoice. Please view the due amount.

    Respectfully,

    Patrica Higgins"

  • September 7, 2016 at 10:50 AM by info

    Here is another scam:

    "Hi there,

    Angelia assigned you to make the payment agreement for the new coming employees.

    Here is the agreement form. Please finish it urgently.

    Best Regards,

    Josefa Carrillo

    Support Manager"

  • September 6, 2016 at 8:41 AM by info

    Here is another email message to look out for that has a malicious .zip attachment:

    "Hi info, Hai told me you have lost some of the last few months' utility bills.

    So, I am sending to you the copies saved in my computer. Let me know if I sent the right receipts.

    Best Regards,

    Susanna Hardin"

  • September 6, 2016 at 1:07 AM by info

    Here is a dangerous email message with a malicious Zip file attached:

    "Hi info, Hai told me you have lost some of the last few months' utility bills.

    So, I am sending to you the copies saved in my computer. Let me know if I sent the right receipts.

    Best Regards,

    Susanna Hardin"

  • September 5, 2016 at 8:40 AM by info

    Here is an email with a malicious attachment:

    "From: Octavio Scott <Scott.3205@thevear.com.br>

    Subject: Credit card receipt

    Date: Mon 9/05/16 7:29 AM

    Attachment: 3935a0377f9d.zip (11.3 KB)

    Dear info,

    We are sending you the credit card receipt from yesterday. Please match the card number and amount.

    Sincerely yours,

    Octavio Scott

    Account manager"

  • August 31, 2016 at 9:52 AM by info

    Here is another sample of a fake email message with a malicious zip file attached that will infect your computer if opened:

    "From: Janna Rosario (Rosario.966@ptahx.com.br)

    Sent: Wed 8/31/16 7:43 AM

    Attachment: 1d05a2c661.zip (22.8 KB)

    Good morning info.

    Attached is the bank transactions made from the company during last month.

    Please file these transactions into financial record.

    Yours truly,

    Janna Rosario"

  • December 28, 2015 at 8:33 AM by info

    Here is a dangerous email message with a malicious Zip file attached:

    "From: Moradi K.

    Sent: Sunday, December 27, 7:49 PM

    Subject: [SPAM] Re: 1129300

    Attachment: Scan_11293-pdf.zip (Scan_11293-pdf.exe)

    Dear Sir,

    Please find attached PO1129300 for your confirmation, thanks

    Regards,

    Moradi K."

  • June 12, 2015 at 6:48 AM by an anonymous user from: Arlington, Virginia, United States

    I get the 'notice to appear' and many others with attachments, but I never open them, as in the early days of e-mail, I decided to make it a policy, to never open attachments from anyone, even family, unless I am expecting that particular attachment.
