Malware attack targets German internet users

Filed Under: Malware, Spam

.de domain. Image from ShutterstockDo you remember the spammed-out malware attack which appeared to be targeting French speakers last week with its offer of très sexy photos from a Gallic admirer?

Well, now it seems that German internet users are in the targets of cybercriminals.

A malware campaign has been sent out, seemingly just to email addresses ending in ".de", claiming that photos of the recipient can be found in the attached file.

Those with a curious disposition might find it hard to resist clicking on the attachment to find out more.

Here are just a small selection of the examples we have intercepted in our spam traps:

Malicious email

Subject: Fwd: Deine Fotos

Message body:
deine Fotos findest du im Anhang (Internet Explorer format)


You'll notice that the emails have forged "from:" addresses. Presumably the masterminds of the malware campaign are hoping that some users might be more likely to open emails that pretend to come from LinkedIn..

Malicious email

.. or Habbo Hotel.

Malicious email

Attached to each of the emails is a file, called DCIM.htm, which is detected by Sophos products as Troj/Redir-P.

The file (which users are encouraged by the email to open using Internet Explorer) attempts to contact a Russian website known to contain malware.

Remember to always be suspicious of unsolicited messages, even if they arrive in your native language.

.DE domain image from Shutterstock.

, , ,

You might like

2 Responses to Malware attack targets German internet users

  1. alexrk · 1167 days ago

    The day I let go off my trust for Russia... What about the malware? What it does?

  2. Freida Gray · 1165 days ago

    Why are they wanting the email opened in IE?Wouldn't any browser work as well?

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

About the author

Graham Cluley runs his own award-winning computer security blog at, and is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s. Now an independent security analyst, he regularly makes media appearances and gives computer security presentations. Follow him on Twitter at @gcluley