When Cupid brings malware instead of love

We have started to see in Germany a massive spam campaign that spreads malware in form of a classical “russian bride” spam.

russian-malware

Written in a more than questionable German language, the emails contains confusing sources. The From field mentions a name, the author of the email is another one and the contact email address in the email is a completely different one. Looks like the girl looking for a German husband has some kind of personality disorder. :)

Leaving the jokes aside, despite all these clear signs of fraud, the Russian girl sends a link to a file that is supposed to be a photo of herself .

url-russian

You did notice the filename photo.jpg_______.exe, right ?

This method of spreading malware using a double extension is as old as the malware business itself. It made us remember the old MS-DOS viruses that were having double extensions?

 

At the moment of writing this post only 7 antivirus software out of 46 included in the Virustotal.com website detected the file as malicious.

All Avira products detect the various files included in these emails as  TR/Injector.EB.64 and  TR/Cridex.EB.71.

We remind all our readers again: never click on links sent in spam emails and never execute files that you receive in emails or you download from suspicious sources.

 

Sorin Mustaca

IT Security Expert

via Avira – TechBlog http://techblog.avira.com/2013/04/11/when-cupid-brings-malware-instead-of-love/en/

Related Posts

@IT_SecurityNews and @SorinMustaca Twitter accounts suspended (updated)

Today, Twitter decided that they don’t like my accounts @IT_SecurityNews and @SorinMustaca anymore and they suspended them. I can’t post anything there for the moment…               The accounts were automatically fed by TwitterFeed from many RSS feeds. I asked Twitter why was it suspended and I’ll get back with their feedback. […]

“Your Site Has Been Hacked” ransomware email campaign in the wild

I was actually not expecting this kind of ransomware… I am used by now with “You’re hacked”, “You’re infected”… and others alike , but this one with the website is actually really interesting. What I find very disturbing is the fact that there are 5 transactions. A few were for tests, I think, but there […]

How to enable two-factor authentication for LinkedIn

More and more social media websites and not only are enabling two-factor authentication in order to secure their users better. Following Google, Facebook, Dropbox, Twitter, Microsoft now also the biggest professional network website LinkedIn has introduced two-factor authentication. Here is how to enable it in a few steps. 1. Go to your account and choose […]

One thought on “When Cupid brings malware instead of love

  1. Pingback: When Cupid brings malware instead of love | Sorin Mustaca's IT Security News aggregated

Comments are closed.