© Depositphotos.com/ Steve_Allen
Subject: Funeral notification
For this unprecedented event, we offer our deepest prayers of condolence and invite to you to be present at the celebration of your friends life service on Thursday, January 17, 2014 that will take place at Eubank Funeral Home at 11:00 a.m.
Please find invitation and more detailed information about the farewell ceremony here .
Best wishes and prayers,
Funeral home receptionist,
However, the emails were not sent by the funeral homes that they name. Instead, they are part of a criminal campaign designed to trick recipients into downloading and installing malware.
The example included here claims to come from Eubank Funeral Home. This is a lie, and the Eubank Funeral Home has warned users about the scam emails via its website, noting:
Urgent Warning: An email has been sent out appearing to come from Eubank Funeral Home. Please do not open the link as it is SPAM.
Alternative versions name different funeral homes. Subject lines, formatting, and other details may vary. But, all versions contain links to compromised websites that harbour malware.
Those who do fall for the trick and click the link will reach a website that may offer a .zip download. If downloaded and unzipped, the file will reveal a malicious .exe file. When opened, this exe file can install malware on the user's computer and connect to the infamous Asprox botnet. It may also download and install other malware components.
This campaign is similar to another recent spate of malware emails that masqueraded as wedding invitations. Again, links in the emails open compromised sites that contained malware.If you receive one of these fake funeral notification emails, do not click any links or open any attachments that it may contain.
Last updated: January 17, 2014