Bastille Day malware spammed out to French computer users

July 14th is a big day in the French calendar as it celebrates the anniversary of the storming of the Bastille in 1789.

Concerts and parades are held to celebrate La Fête Nationale, marking what is considered the birth of the modern French nation.

July 14th is just a couple of days away, of course. But that doesn't mean that there isn't still time to decide what you're going to do if you want to celebrate Bastille Day.

And it doesn't mean that there's not an opportunity for malware authors to take advantage.

Here's one of a wave of spam messages being sent out to French email addresses, and intercepted by the experts in SophosLabs:


Subject: Bastille Day

Attached file: BastilleDay.rar

Message body:
Bastille Day activities .See the attachment.

The attachment is, of course, malicious.

Inside the RAR archive attached to the emails is a file called short-BASTIL_1.SCR, which has a text Notepad icon. That will probably be enough to fool many people into believing that it is a harmless text file.

Opening the SCR file (which Sophos detects as Troj/Mdrop-DPB) drops another file called WindowsUpdate.exe onto your computer and displays a message in Notepad. This is clearly designed to continue the illusion that you have only opened a harmless TXT file. The message reads:

Bastille Day Festival Just Several days Away

Don't forget to mark your calendar for the biggest French festival of the year -- the 9th Annual Bastille Day festival on July 10, 2011, from noon to 8:00 p.m.

The festival features live music all day long, with an evening headliner act of "Le Jazz" with the Patrick Lamb Band as well as performances by the Portland Ballet and Portland Opera.

The popular beer and wine garden will feature Lillet apéritifs, Kronenbourg beer, and Georges Duboeuf wine; look for a whole block of food booths as well.

Visitors will enjoy shopping the crafts and vendor booths and handcrafted items, including original art. Children will enjoy the kids activity area, where they can do crafts, spin the wheel for prizes, learn how to play pétanque, or how to hula hoop.

Sophos detects the WindowsUpdate.exe malware dropped on victims' computers as Troj/Agent-SNH.

What's strange about the entire attack is that it is clearly targeting French people, but the social engineering is conducted entirely in English. You have to think that the malicious hackers behind the campaign would have been more successful if they had used the French language throughout.

Whether you're a Francophile or not, don't let malware rain on your parade. Always be suspicious of unsolicited email attachments that are emailed to you out of the blue, and ensure that you have defences in place to protect against the threats of malware and spam.
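One way a mail filter could apply that caution to an archive like the one described above, as an added example that is not from the original post or from Sophos: it lists the member names in a RAR 4.x attachment and flags any whose real extension is an executable type, whatever icon the file shows. The function names, the extension list and the sample archive bytes (built inline with zeroed CRC fields and a placeholder payload) are assumptions made for illustration.

```python
import ntpath
import struct

RAR4_MAGIC = b"Rar!\x1a\x07\x00"
# Illustrative list of extensions Windows launches as programs; a .scr screensaver is an ordinary executable.
EXECUTABLE_EXTS = {".scr", ".exe", ".com", ".pif", ".bat", ".cmd"}

def rar4_member_names(data):
    """List member names from the unencrypted headers of a RAR 4.x archive."""
    if not data.startswith(RAR4_MAGIC):
        raise ValueError("not a RAR 4.x archive")
    names, pos = [], len(RAR4_MAGIC)
    try:
        while pos + 7 <= len(data):
            _crc, htype, flags, hsize = struct.unpack_from("<HBHH", data, pos)
            if hsize < 7:
                break  # corrupt header: stop listing
            if htype == 0x73 and flags & 0x0080:
                raise ValueError("archive headers are encrypted; names cannot be listed")
            add_size = 0
            if htype == 0x74 or flags & 0x8000:  # block is followed by extra data
                add_size = struct.unpack_from("<I", data, pos + 7)[0]
            if htype == 0x74:  # file header: NAME_SIZE at +26, name at +32
                name_len = struct.unpack_from("<H", data, pos + 26)[0]
                name_off = pos + 32
                if flags & 0x0100:  # 64-bit sizes precede the name
                    add_size |= struct.unpack_from("<I", data, pos + 32)[0] << 32
                    name_off += 8
                raw = data[name_off:name_off + name_len].split(b"\0")[0]
                names.append(raw.decode("latin-1"))  # latin-1 never fails to decode
            pos += hsize + add_size
    except struct.error:
        pass  # truncated header: return what was listed so far
    return names

def executable_members(names):
    """Return the members whose final extension is an executable type."""
    return [n for n in names if ntpath.splitext(n)[1].lower() in EXECUTABLE_EXTS]

def constructed_sample(name=b"short-BASTIL_1.SCR", payload=b"\x00" * 4):
    """Constructed RAR 4.x bytes (CRCs zeroed, placeholder payload) for the demo."""
    main = struct.pack("<HBHHHI", 0, 0x73, 0, 13, 0, 0)
    fhdr = struct.pack("<HBHHIIBIIBBHI", 0, 0x74, 0x8000, 32 + len(name),
                       len(payload), len(payload), 2, 0, 0, 29, 0x30, len(name), 0x20)
    return RAR4_MAGIC + main + fhdr + name + payload

if __name__ == "__main__":
    print(executable_members(rar4_member_names(constructed_sample())))
```

The parser does not verify header CRCs and does not handle RAR 5 or self-extracting archives, so a filter built this way should treat anything it cannot list as unverified rather than clean.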


One Response to Bastille Day malware spammed out to French computer users

  1. desertfool · 1198 days ago

    They could have done a better job and written it in French.


About the author

Graham Cluley runs his own award-winning computer security blog, and is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s. Now an independent security analyst, he regularly makes media appearances and gives computer security presentations. Send Graham an email, subscribe to his updates on Facebook, follow him on Twitter and App.net, and circle him on Google Plus for regular updates.