DSC0173519.zip - spammed out malware attack poses as photo attachment


A stranger emails you out of the blue, offering you a digital photo of themselves.

What do you do?

Don't risk it - and chuck the email straight in the trashcan?

or

Take a careful look at the email, to try to weigh up the chances of it being a malicious attack?

or

Open the attachment straight away - after all, the chances of peeking at a salacious photograph outweigh the consequences of a malware infection?

Here are the details of just such an email which has been spammed around the world:

Subject: I'm going to send you the Photos in
Attached file: DSC0173519.zip

Message body:
Hello Man,

I don't know how to say it, but I've tryed before a long time to send you some photos, but I've thought that you aren't interested to see me.
But now I'm going to send you the Photos in the Attachment.
Download the pictures and extract they, I'm sure that you will like they.
The password is: 123456

Have a great day.

The messages have one attachment, called DSC0173519.zip. The ZIP file is encrypted (presumably in an attempt to defeat anti-virus products running at the email gateway - sorry Mr Cybercriminal, that didn't stop Sophos) with the password mentioned in the body of the email.

Within the ZIP is an executable file, DSC0173519.exe, which Sophos proactively detects as Mal/Behav-043.
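A gateway does not need the password to see what is inside an archive like this. The sketch below is an added example, not Sophos's detection logic: it assumes traditional ZIP encryption, which leaves entry names readable in the central directory, and the extension list, function names and sample archive are constructed for illustration.

```python
import io
import struct
import zipfile

# Assumed gateway policy: file types nobody expects inside a "photo" archive.
RISKY_EXTENSIONS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs"}
ENCRYPTED_FLAG = 0x1  # bit 0 of the ZIP general-purpose flags: entry is encrypted


def triage_zip(data: bytes) -> list[dict]:
    """Report each entry's encryption flag and name; reads only the central directory."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as archive:
        for info in archive.infolist():
            name = info.filename.lower()
            findings.append({
                "name": info.filename,
                "encrypted": bool(info.flag_bits & ENCRYPTED_FLAG),
                "risky": any(name.endswith(ext) for ext in RISKY_EXTENSIONS),
            })
    return findings


def should_quarantine(data: bytes) -> bool:
    """Quarantine when an entry is both encrypted (unscannable) and executable by name."""
    return any(f["encrypted"] and f["risky"] for f in triage_zip(data))


def build_sample(entry_name: str, encrypted: bool) -> bytes:
    """Constructed test archive: harmless bytes, with the encryption flag set by hand."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as archive:
        archive.writestr(entry_name, b"constructed placeholder, not a real program")
    raw = bytearray(buf.getvalue())
    if encrypted:
        central = raw.find(b"PK\x01\x02")
        # Flags sit at offset 6 in the local header and offset 8 in the central header.
        for offset in (6, central + 8):
            flags, = struct.unpack_from("<H", raw, offset)
            struct.pack_into("<H", raw, offset, flags | ENCRYPTED_FLAG)
    return bytes(raw)


if __name__ == "__main__":
    sample = build_sample("DSC0173519.exe", encrypted=True)
    print(triage_zip(sample), should_quarantine(sample))
```

The check keys on the combination seen in this campaign: content the scanner cannot open, plus an entry name that is a program rather than a picture.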

If you're not protected by Sophos and make the mistake of running the program, it will drop another file onto your hard drive, which Sophos detects as the Troj/Agent-REX spyware Trojan horse.

In other words, your Windows computer is now infected with malware and a remote hacker could be stealing information from your PC, all because you were tricked into thinking a complete stranger had sent you their digital photograph.

It may be the 21st century, but with social engineering tricks so easily fooling users into making poor decisions, maybe we're kidding ourselves in believing we live in an enlightened world.


3 Responses to DSC0173519.zip - spammed out malware attack poses as photo attachment

  1. Alex · 1290 days ago

    Just out of curiosity, if you open the zip archive but don't click on the picture, are you infected at that point, or do you have to click on the executable?
    Thanks, just interested in at what point the infection occurs.

  2. Sreekar Saha · 1290 days ago

    Human nature does remain the same, whatever age we are in.

About the author

Graham Cluley runs his own award-winning computer security blog, and is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s. Now an independent security analyst, he regularly makes media appearances and gives computer security presentations. Send Graham an email, subscribe to his updates on Facebook, follow him on Twitter and App.net, and circle him on Google Plus for regular updates.