A stranger emails you out of the blue, offering you a digital photo of themselves.
What do you do?
Don’t risk it – and chuck the email straight in the trashcan?
or
Take a careful look at the email, to try to weigh up the chances of it being a malicious attack?
or
Open the attachment straight away – after all, the chances of peeking at a salacious photograph outweigh the consequences of a malware infection?
Here are the details of just such an email which has been spammed around the world:
Subject: I'm going to send you the Photos in
Attached file: DSC0173519.zip
Message body:
Hello Man,
I don't know how to say it, but I've tryed before a long time to send you some photos, but I've thought that you aren't interested to see me.
But now I'm going to send you the Photos in the Attachment.
Download the pictures and extract they, I'm sure that you will like they.
The password is: 123456
Have a great day.
The messages have one attachment, called DSC0173519.zip. The ZIP file is encrypted (presumably in an attempt to defeat anti-virus products running at the email gateway – sorry Mr Cybercriminal, that didn’t stop Sophos) with the password mentioned in the body of the email.
Within the ZIP is an executable file, DSC0173519.exe, which Sophos proactively detects as Mal/Behav-043.
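A mail gateway does not need the password to act on a message like this one. The following check is an added example, not Sophos's detection logic or code from the original post; it assumes the archive uses traditional ZIP encryption, which leaves entry names and the per-entry encryption flag readable, and the extension list, verdict policy and helper names are assumptions.

```python
import io
import re
import zipfile

# Assumed policy list of extensions that run code on Windows.
EXECUTABLE_EXT = (".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".vbs", ".js")
PASSWORD_HINT = re.compile(r"password(?:\s+is)?\s*[:=]?\s*(\S+)", re.I)

def inspect_attachment(zip_bytes, body):
    """Read ZIP metadata only; nothing is decrypted or extracted."""
    found = {"encrypted": [], "executables": [], "password_in_body": None}
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.flag_bits & 0x1:  # bit 0 of the flags: entry is encrypted
                found["encrypted"].append(info.filename)
            if info.filename.lower().endswith(EXECUTABLE_EXT):
                found["executables"].append(info.filename)
    hint = PASSWORD_HINT.search(body)
    if hint:
        found["password_in_body"] = hint.group(1)
    return found

def verdict(zip_bytes, body):
    found = inspect_attachment(zip_bytes, body)
    if set(found["encrypted"]) & set(found["executables"]):
        return "block"       # content scanning is blinded and the name is a program
    if found["encrypted"] and found["password_in_body"]:
        return "quarantine"  # archive is locked, yet the key travels with it
    return "deliver"

def build_sample(name, encrypted):
    """Constructed test input: a one-entry ZIP holding placeholder bytes."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(name, b"constructed placeholder, not a real file")
    raw = bytearray(buf.getvalue())
    if encrypted:
        # Set the encryption flag in the central directory header (offset 8).
        raw[raw.rfind(b"PK\x01\x02") + 8] |= 0x01
    return bytes(raw)

# Constructed body, using the wording quoted in the post.
SAMPLE_BODY = "Download the pictures and extract they.\nThe password is: 123456\n"

if __name__ == "__main__":
    print(verdict(build_sample("DSC0173519.exe", True), SAMPLE_BODY))
    print(verdict(build_sample("holiday.jpg", False), "See you soon."))
```

The sample archive only has its encryption flag set; its payload is placeholder text, so the check exercises the metadata path a gateway would use before any decryption attempt.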
If you’re not protected by Sophos, and make the mistake of running the program, it will drop another file onto your hard drive, which Sophos detects as the Troj/Agent-REX spyware Trojan horse.
In other words, your Windows computer is now infected with malware and a remote hacker could be stealing information from your PC, all because you were tricked into thinking a complete stranger had sent you their digital photograph.
It may be the 21st century, but with social engineering tricks so easily fooling users into making poor decisions, maybe we’re kidding ourselves in believing we live in an enlightened world.
Posted on 19 April 2011. Tags: DSC0173519.zip, Featured, Malware, Spam
The above information is reprinted from and copyrighted © by Naked Security - Sophos.