Changelog 07.06.2010: Hackers spam out malware attack

Have you received a curt email in the last 24 hours with a mysterious attachment called Changelog_07.06.20010.zip? If so, you could be at risk of falling victim to the latest attack launched by malicious hackers.

Poisoned emails have been spammed out worldwide, posing as a legitimate communication.

Malicious email with subject: Changelog 07.06.2010

Typical emails have the following characteristics:

Subject: Changelog 07.06.2010
Message body:

Good afternoon,
as promised,
<Name>

or

Dear customers,
as promised,
<Name>

or

Good morning,
as promised,
<Name>

or

Good day,
as promised,
<Name>

Attached file: Changelog_07.06.20010.zip

where <Name> is the first name of the supposed sender of the email. In other words, if the From address says that the message was from "Peter Bathurst" then the email will be signed "as promised, Peter".

The intention of all this subterfuge, of course, is to trick you into opening the attachment - perhaps in the hope that you will be able to ascertain what the communication is all about (especially as there is such scant information in the message itself).

As regular readers of the Clu-blog will no doubt have guessed, the attachment is designed to infect your computer. Sophos detects the file as Mal/BredoZp-B and Mal/Zbot-U.

What's curious, perhaps, is that the subject line (which is presumably designed to match yesterday's date - 7th June 2010) doesn't match the filename, which has a seemingly superfluous zero in the year (Changelog_07.06.20010.zip). I can only imagine that the hackers behind this malicious campaign had buttery fingers and stumbled as they were creating their attack.

Don't forget the old adage that curiosity killed the cat. Similarly, careless clicking on unsolicited email attachments could lead to the downfall of your data.

Update: I'm now seeing some versions of this attack where the hackers *are* using the "correct" filename of Changelog_07.06.2010.zip.
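The traits listed above (subject, greeting, "as promised," sign-off with the sender's first name, and the zip attachment name in either spelling) can be checked mechanically over a mailbox export or at a mail gateway. This Python sketch is an added example, not Sophos's detection logic; the function names, the `example.invalid` addresses and the sample message are constructed for illustration.

```python
import re
from email import message_from_string, policy
from email.message import EmailMessage
from email.utils import parseaddr

SUBJECT = "Changelog 07.06.2010"
GREETINGS = ("Good afternoon,", "Dear customers,", "Good morning,", "Good day,")
# Both attachment spellings reported on this page: "20010" and "2010".
ATTACHMENT = re.compile(r"^Changelog_07\.06\.20?010\.zip$", re.IGNORECASE)

def campaign_indicators(raw):
    """Return the campaign traits found in one raw RFC 822 message."""
    msg = message_from_string(raw, policy=policy.default)
    hits = []
    if (msg["Subject"] or "").strip() == SUBJECT:
        hits.append("subject")
    body = msg.get_body(preferencelist=("plain",))
    text = body.get_content() if body else ""
    lines = [l.strip() for l in text.splitlines() if l.strip()]
    if len(lines) >= 3 and lines[0] in GREETINGS and lines[1].lower() == "as promised,":
        hits.append("body-template")
        # The sign-off is the first word of the From display name.
        name, _ = parseaddr(str(msg["From"] or ""))
        if name.split() and lines[2] == name.split()[0]:
            hits.append("signed-with-sender-first-name")
    for part in msg.iter_attachments():
        if ATTACHMENT.match(part.get_filename() or ""):
            hits.append("attachment-name")
            break
    return hits

def sample_message(filename):
    """Constructed test message shaped like the emails described above."""
    m = EmailMessage()
    m["From"] = "Peter Bathurst <peter@example.invalid>"
    m["To"] = "recipient@example.invalid"
    m["Subject"] = SUBJECT
    m.set_content("Good afternoon,\nas promised,\nPeter\n")
    # Inert payload: the 22-byte end-of-central-directory record of an empty zip.
    m.add_attachment(b"PK\x05\x06" + b"\0" * 18, maintype="application",
                     subtype="zip", filename=filename)
    return m.as_string()

if __name__ == "__main__":
    for fn in ("Changelog_07.06.20010.zip", "Changelog_07.06.2010.zip"):
        print(fn, campaign_indicators(sample_message(fn)))
```

A message matching all four traits is a strong candidate for quarantine; a lone match on the greeting template is weak evidence on its own.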

About the author

Graham Cluley runs his own award-winning computer security blog, and is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s. Now an independent security analyst, he regularly makes media appearances and gives computer security presentations.