Do you own a mobile phone?
Is your mobile phone on the Vodafone cellphone network?
If so, you could be a prime target for infection by a new malware attack that has been distributed widely via email across the internet.
The attack, which SophosLabs has intercepted in its global network of email spam traps, poses as a notification about a MMS message that has purportedly sent to the recipient’s mobile phone.
Here’s what a typical email looks like:
Subject: You have received a new message
Attached file: Vodafone_MMS-uk.zip
You have received a picture message from mobile number +447775226358
To save this picture, please save attached file.
Inside the ZIP file is a malicious program (Vodafone_MMS-uk.jpeg.exe), detected by Sophos products as Troj/Agent-YXP.
The program’s use of a double extension (.jpeg.exe) is clearly a ruse to try to trick people (especially those who have told Windows to hide file extensions) into believing that the file sent to them is a genuine JPEG image rather than malware.
Of course, the messages do not really come from Vodafone. The malicious hackers have simply forged the email headers in an attempt to make their boobytrapped message look more authentic.
And, of course, it would be trivial for the cybercriminals to change their message to make it appear as though it came from another mobile phone network, rather than Vodafone.
The malware is designed to infect Windows computers rather than mobile phones, but human nature being what it is there would be no surprise if some people opened the emails when it arrives on their computer, or forwarded it from their mobile phone to a Windows PC in an attempt to view the supposed picture.
Remember – you should always be suspicious of unsolicited messages, especially when they encourage you to open an attachment or click on a link. Cybercriminals are masters of using your natural curiousity against you, hoping to trick you into infecting your computer.Follow @gcluley