Vodafone MMS email spam spreads malware

Filed Under: Featured, Malware, Mobile, Spam

EmailDo you own a mobile phone?

Is your mobile phone on the Vodafone cellphone network?

If so, you could be a prime target for infection by a new malware attack that has been distributed widely via email across the internet.

The attack, which SophosLabs has intercepted in its global network of email spam traps, poses as a notification about a MMS message that has purportedly sent to the recipient's mobile phone.

Here's what a typical email looks like:

Malicious email claiming to come from Vodafone

Subject: You have received a new message
Attached file: Vodafone_MMS-uk.zip

Message body:

You have received a picture message from mobile number +447775226358
To save this picture, please save attached file.

Inside the ZIP file is a malicious program (Vodafone_MMS-uk.jpeg.exe), detected by Sophos products as Troj/Agent-YXP.

The program's use of a double extension (.jpeg.exe) is clearly a ruse to try to trick people (especially those who have told Windows to hide file extensions) into believing that the file sent to them is a genuine JPEG image rather than malware.

Of course, the messages do not really come from Vodafone. The malicious hackers have simply forged the email headers in an attempt to make their boobytrapped message look more authentic.

And, of course, it would be trivial for the cybercriminals to change their message to make it appear as though it came from another mobile phone network, rather than Vodafone.

The malware is designed to infect Windows computers rather than mobile phones, but human nature being what it is there would be no surprise if some people opened the emails when it arrives on their computer, or forwarded it from their mobile phone to a Windows PC in an attempt to view the supposed picture.

Remember - you should always be suspicious of unsolicited messages, especially when they encourage you to open an attachment or click on a link. Cybercriminals are masters of using your natural curiousity against you, hoping to trick you into infecting your computer.

, , ,

You might like

14 Responses to Vodafone MMS email spam spreads malware

  1. Slow news day? Minor blip on the Sophos quality line there reporting common or garden hoax email malware story thats been around for half a decade or more but with DHL, Halifax, etc etc instead of Voda. Now an idea on the run up to Xmas would be a similar story but focusing on watching out for the epidemic levels of spam saying "you were out when we tried to deliver the Christmas presents you ordered from Amazon, click here or else" that usually appears right about now.

    • Slow news? How so?

      It's a new widespread spam campaign, helping to distribute a new malware variant.

      We could ignore it, but that's hardly going to help people who might be tricked into opening the attachment. Which would be especially bad if their chosen anti-virus didn't protect against it.

      Hope that explains our reasoning!

  2. homer holmes · 619 days ago

    just came back from Italy and felt that maybe a friend sent something. thanks google for keeping us aware of these items.

  3. John Wright · 619 days ago

    Perhaps a campagn to get microsoft to have known extensions shown instead of hidden by default!

  4. Jeremy · 618 days ago

    I was thinking this might be to do with Voda Aus but then I remembered everyone left them anyway. :P

    PS: Pass this joke onto Paul Ducklin, he'll get it.

  5. Ged Bromley · 618 days ago

    From looking at our mail filter, it's not just showing as Vodafone, I've also seen malware proporting to have come from Orange, 02, etc.

    • Janet · 132 days ago

      I'm getting the same, I can get upto 6 aday!!!!!!! just blocking each one now, and these have only just started coming through now the last couple of days, but i'm getting showered by them!

  6. Alun · 618 days ago

    Have received one today using a Three header

  7. Gordie · 618 days ago

    Just got one pretending to be from the 3 network today

  8. Simon · 618 days ago

    Our Sophos software (Endpoint and PureMessage) isn't picking up these at malware

  9. Tim · 616 days ago

    Our filters have stopped a few of these. Most from mms@telstra.com.au, some from mms@vodafone.com.au. Just waiting for Optus to deliver :)

  10. papa · 132 days ago

    been receiving 3 of these emails a day for the last week. It gets stripped of everything before it even gets to me but this virus is far from new (now March 2014)

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

About the author

Graham Cluley runs his own award-winning computer security blog, and is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s. Now an independent security analyst, he regularly makes media appearances and gives computer security presentations. Send Graham an email, subscribe to his updates on Facebook, follow him on Twitter and App.net, and circle him on Google Plus for regular updates.