We’ve just seen spam that’s supposedly from intuit.com (Quickbooks, etc.) with subjects like “Sales Receipt” or “Purchase Order Receipt” with an attached spreadsheet file. This is a malware attack designed to trick you into opening the spreadsheet, which will install malware on your computer. These are not from Intuit – most are from hacked servers in Brazil and Italy.
In nearly all cases, these were blocked or quarantined on spam.his.com, but if you’ve whitelisted intuit.com the spam may have been forwarded to you anyway since you’ve exempted that domain from checking.
If you got one of these, or find one in your spam quarantine, don’t open the attached file, which will have a name like “Sales_Receipt_8602.xls”.