Malware attack targets German internet users

Malware attack targets German internet users

.de domain. Image from ShutterstockDo you remember the spammed-out malware attack which appeared to be targeting French speakers last week with its offer of très sexy photos from a Gallic admirer?

Well, now it seems that German internet users are in the targets of cybercriminals.

A malware campaign has been sent out, seemingly just to email addresses ending in “.de”, claiming that photos of the recipient can be found in the attached file.

Those with a curious disposition might find it hard to resist clicking on the attachment to find out more.

Here are just a small selection of the examples we have intercepted in our spam traps:

Malicious email

Subject: Fwd: Deine Fotos

Message body:
deine Fotos findest du im Anhang (Internet Explorer format)


You’ll notice that the emails have forged “from:” addresses. Presumably the masterminds of the malware campaign are hoping that some users might be more likely to open emails that pretend to come from LinkedIn..

Malicious email

.. or Habbo Hotel.

Malicious email

Attached to each of the emails is a file, called DCIM.htm, which is detected by Sophos products as Troj/Redir-P.

The file (which users are encouraged by the email to open using Internet Explorer) attempts to contact a Russian website known to contain malware.

Remember to always be suspicious of unsolicited messages, even if they arrive in your native language.

.DE domain image from Shutterstock.