It seems that the new target of the Nurech gang are IKEA customers.

The latest "billing statement" looks like this.



The attached binary file is now detected as Trojan-Downloader:W32/Nurech.AS since database update 2007-02-19_09.

Similar to the previous variants, the recipient is asked to verify the billing statement by opening the file using Adobe Reader. This time, however, recipients are assured with the digital signature mumbo jumbo.

When in doubt, contact the possible source. In this case, your nearest IKEA representative.