Do you remember the spammed-out malware attack which appeared to be targeting French speakers last week with its offer of très sexy photos from a Gallic admirer?
Well, now it seems that German internet users are in the targets of cybercriminals.
A malware campaign has been sent out, seemingly just to email addresses ending in ".de", claiming that photos of the recipient can be found in the attached file.
Those with a curious disposition might find it hard to resist clicking on the attachment to find out more.
Here are just a small selection of the examples we have intercepted in our spam traps:
Subject: Fwd: Deine Fotos
Message body:
Hi,
deine Fotos findest du im Anhang (Internet Explorer format)MfG,
[NAME]
You'll notice that the emails have forged "from:" addresses. Presumably the masterminds of the malware campaign are hoping that some users might be more likely to open emails that pretend to come from LinkedIn..
.. or Habbo Hotel.
Attached to each of the emails is a file, called DCIM.htm, which is detected by Sophos products as Troj/Redir-P.
The file (which users are encouraged by the email to open using Internet Explorer) attempts to contact a Russian website known to contain malware.
Remember to always be suspicious of unsolicited messages, even if they arrive in your native language.
Follow @gcluley
.DE domain image from Shutterstock.
The day I let go off my trust for Russia... What about the malware? What it does?
Why are they wanting the email opened in IE?Wouldn't any browser work as well?