Groupon email scam gives victims more than they bargained for

The attacks rely on malware attached to emails that purportedly come from "friends" who want to share great deals, explained Avi Turiel, director of product marketing at Commtouch, in a blog. The scams also use LinkedIn “friends”.

Turiel explained that these attacks differ from blended attacks, which mix email and web links to spread malware, because they deliver the malware as an attachment rather than through links to drive-by downloads.

“Using email templates modeled on Groupon and LinkedIn increases the chances that recipients will consider the attachment genuine and worth opening.... Recipients are invited to open the attachment to view the gift details and also to forward it on to friends. All the links within the ‘offer’ point to genuine Groupon sites”, Turiel wrote.

Instead of gift details, the attached zip file deposits W32/Trojan3.DWY on the victim’s computer. Once on the computer, the malware tries to download and install files from remote servers.

Only 30% of the 41 engines on VirusTotal, a free virus-checking website, detected the malware within a few hours of the attack, Turiel related.
 
