Activation Key malware morphs its disguise


Earlier this week I told you about a widespread spam campaign with a malicious attachment that posed as a message about account activation keys.

I'm afraid that the hackers are still spewing out their attack at a frenzied rate, with many, many instances being seen in our spam traps worldwide. Furthermore, the criminals behind this attempt to infect your PC have adapted their disguise a little.

Here is an example of some of the latest emails we have been seeing:

[Image: Dangerous email about activation keys containing malicious attachment]

In these latest cases, the subject line is still "The Activation Keys" but the attached file is now called new_activation_keys.zip.

Another version being seen at our global network of spam monitoring stations uses the subject line "Recovery KEYS for your account" with the attached file The_keys.zip.

[Image: Dangerous email about recovery keys containing malicious attachment]

As before, you should not open these files as they contain a malicious Trojan horse (detected by Sophos as Troj/Agent-IDL or Troj/Invo-Zip).
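
A mail-triage check built from the subject lines and attachment names quoted above, as an added example that is not Sophos code. The verdict labels, function names, addresses and sample messages are assumptions constructed for illustration; because the archive name changed while a subject line stayed the same, a single indicator plus a ZIP attachment is treated as suspect rather than clean.

```python
from email import message_from_bytes, policy
from email.header import Header
from email.message import EmailMessage

# Indicators named in the post (lower-cased for comparison).
KNOWN_SUBJECTS = {"the activation keys", "recovery keys for your account"}
KNOWN_ATTACHMENTS = {"new_activation_keys.zip", "the_keys.zip"}


def classify(raw):
    """Return 'match', 'suspect' or 'clean' for one raw RFC 5322 message."""
    msg = message_from_bytes(raw, policy=policy.default)
    # policy.default decodes RFC 2047 encoded-words; collapse whitespace too.
    subject = " ".join(str(msg["Subject"] or "").split()).lower()
    names = [(p.get_filename() or "").strip().lower()
             for p in msg.iter_attachments()]
    subject_hit = subject in KNOWN_SUBJECTS
    name_hit = any(n in KNOWN_ATTACHMENTS for n in names)
    has_zip = any(n.endswith(".zip") for n in names)
    if subject_hit and name_hit:
        return "match"
    # The archive name rotates between variants, so one indicator plus a
    # ZIP attachment is still routed for review instead of being passed.
    if name_hit or (subject_hit and has_zip):
        return "suspect"
    return "clean"


def build_sample(subject, filename=None, encoded=False):
    """Build a constructed test message (hypothetical helper, inert bytes)."""
    m = EmailMessage()
    m["From"] = "sender@example.com"
    m["To"] = "user@example.com"
    m["Subject"] = subject
    m.set_content("Constructed body text.")
    if filename:
        m.add_attachment(b"PK\x03\x04 constructed bytes", maintype="application",
                         subtype="zip", filename=filename)
    raw = m.as_bytes()
    if encoded:  # swap in an RFC 2047 encoded-word form of the subject
        word = Header(subject, "utf-8").encode().encode("ascii")
        raw = raw.replace(b"Subject: " + subject.encode(), b"Subject: " + word, 1)
    return raw


if __name__ == "__main__":
    for subj, name in [("The Activation Keys", "new_activation_keys.zip"),
                       ("The Activation Keys", "keys_update.zip"),
                       ("Meeting notes", "notes.zip")]:
        print(subj, "|", name, "->", classify(build_sample(subj, name)))
```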

About the author

Graham Cluley is senior technology consultant at Sophos. The readers of Computer Weekly voted him security blogger of the year in 2009 and 2010, and he pipped Stephen Fry to the title of "Twitter user of the year" too. Which was nice. He was also named "Best Security Blogger" by the readers of SC Magazine in 2011.