Out-of-the-blue empty emails bring redirecting malware danger

Filed Under: Malware, Spam

Have you received an email out of the blue with no message body, but with a file called

<random number>_inv.html

attached?

Well, be on your guard - as you could be in the firing line for a new malware attack that has been widely spammed out around the world.

Here is just a small snapshot of the different subject lines we've intercepted at our global network of spam traps:

[Image: Examples of redirecting malware attack in Sophos's spam traps]

If you make the mistake of opening the attached HTML file your computer will be redirected to a fake anti-virus attack on a third party site. That means that you will begin to see bogus security warnings trying to trick you into handing over your credit card details, or to download further dangerous software to your computer.

Sophos's products don't have any problem intercepting the messages above as spam (and we'll be detecting the attachment as Troj/JSRedir-CO shortly), as well as intercepting the webpage that the attack attempts to connect with and blocking the fake anti-virus which hides here.

But although our customers are protected - there's still a challenge.

And that challenge is - how do we warn the public about attacks like this?

The email address that the malware is sent from changes each time, the subjects appear to be pretty randomly chosen - even the attached filename has a random component. And the message body is no use to us, from the awareness point of view, as there's nothing to see.

This isn't like the old days of worms like "Anna Kournikova" and "The Love Bug" which could be very easily described in terms that the average chap in the street would understand, so they would know what to look out for.

All we have is "look out for empty emails with an attachment which might end with _inv.html"

Ask yourself this - are your colleagues likely to find that memorable?

It's a good job that security software doesn't find it as hard as Joe Public to tell what's a legitimate email, and which ones carry a malware danger.
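The indicators the post describes (no message body, a single attachment named `<digits>_inv.html`, and an HTML file whose only purpose is to bounce the browser somewhere else) are easy for a mail filter to check even though they are hard for people to remember. The following is an added example, not Sophos's detection logic or code from the original post: it parses a raw message with Python's standard `email` library and flags it when the attachment name matches the pattern or the HTML contains a client-side redirect. The redirect patterns (meta refresh, `location` assignment) are an assumption about what such an attachment typically contains, since the post does not show the file's contents, and the sample messages and `example.invalid` addresses are constructed for the example.

```python
import email
import re
from email import policy
from email.message import EmailMessage

# Indicator from the post: attachment named <random number>_inv.html
INV_ATTACHMENT_RE = re.compile(r"^\d+_inv\.html?$", re.IGNORECASE)

# Assumed redirect constructs a tiny "bounce" HTML file is likely to use.
# The post does not show the attachment body, so these are illustrative.
REDIRECT_PATTERNS = [
    re.compile(r"<meta[^>]+http-equiv\s*=\s*['\"]?refresh", re.IGNORECASE),
    re.compile(r"(window|document|top|self)\.location(\.href)?\s*=", re.IGNORECASE),
    re.compile(r"location\.(replace|assign)\s*\(", re.IGNORECASE),
]


def body_is_empty(msg: EmailMessage) -> bool:
    """True when the message has no text/plain or text/html body beyond whitespace.
    get_body() ignores parts marked Content-Disposition: attachment."""
    body = msg.get_body(preferencelist=("plain", "html"))
    if body is None:
        return True
    return body.get_content().strip() == ""


def html_has_redirect(html: str) -> bool:
    """True if the HTML matches any of the assumed client-side redirect patterns."""
    return any(p.search(html) for p in REDIRECT_PATTERNS)


def classify(raw: bytes) -> dict:
    """Classify one raw RFC 5322 message.

    Returns {'suspicious': bool, 'reasons': [str, ...]}. Only the strong
    indicators (file-name pattern, redirect in HTML) make a message suspicious;
    an empty body is recorded as context when an attachment is present."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    strong = []
    attachments = list(msg.iter_attachments())
    for part in attachments:
        name = part.get_filename() or ""
        if INV_ATTACHMENT_RE.match(name):
            strong.append(f"attachment name matches <digits>_inv.html: {name}")
        is_html = part.get_content_type() == "text/html" or name.lower().endswith((".htm", ".html"))
        if is_html:
            content = part.get_content()
            if isinstance(content, bytes):
                content = content.decode("utf-8", errors="replace")
            if html_has_redirect(content):
                strong.append(f"HTML attachment {name!r} contains a client-side redirect")
    context = []
    if attachments and body_is_empty(msg):
        context.append("message body is empty but the message carries an attachment")
    return {"suspicious": bool(strong), "reasons": context + strong}


def sample_empty_redirect() -> bytes:
    """Constructed sample resembling the spam described in the post: no body,
    one HTML attachment that redirects to a (placeholder) third-party site."""
    msg = EmailMessage()
    msg["From"] = "sender-48213@example.invalid"   # constructed, changes every time in the real campaign
    msg["To"] = "recipient@example.invalid"
    msg["Subject"] = "Invoice"
    # No set_content() call: the message deliberately has no body at all.
    html = ('<html><head><meta http-equiv="refresh" '
            'content="0;url=http://fake-av.example.invalid/"></head></html>')
    msg.add_attachment(html, subtype="html", filename="48213_inv.html")
    return msg.as_bytes()


def sample_benign_invoice() -> bytes:
    """Constructed legitimate-looking invoice mail: real body text, PDF attachment."""
    msg = EmailMessage()
    msg["From"] = "accounts@example.invalid"
    msg["To"] = "recipient@example.invalid"
    msg["Subject"] = "Invoice for April"
    msg.set_content("Hi,\n\nPlease find this month's invoice attached.\n\nThanks")
    msg.add_attachment(b"%PDF-1.4 constructed placeholder", maintype="application",
                       subtype="pdf", filename="invoice_april.pdf")
    return msg.as_bytes()


if __name__ == "__main__":
    for label, raw in (("spam-like", sample_empty_redirect()), ("benign", sample_benign_invoice())):
        print(label, classify(raw))
```

The file-name check alone is brittle (the attacker controls the name), which is why the HTML inspection is the more durable half: a legitimate invoice attachment has no reason to contain a meta refresh or a `location` assignment. In a real gateway this would run alongside sender reputation and URL reputation for the redirect target.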


About the author

Graham Cluley runs his own award-winning computer security blog, and is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s. Now an independent security analyst, he regularly makes media appearances and gives computer security presentations. Send Graham an email, subscribe to his updates on Facebook, follow him on Twitter and App.net, and circle him on Google Plus for regular updates.