Email attachment viruses: Old tricks meet new sophisticated malware

Recent research shows that, while email attachment viruses still rely on old lures, the malware they carry is vastly more sophisticated.

Hackers and spammers are becoming more sophisticated, but some of them still rely on an old, but effective, method: offering love and naughty photos to susceptible recipients.


The latest example, discovered by researchers at Web security vendor M86 Security, is superficially crude but contains a whole package of malware with which to infect the unfortunate user.

The message typically arrives with the subject line "Hi my love" and promises naked pictures. All the user has to do is open the attached "pic.exe".

As M86 Threat Analyst Rodel Mendrez admits, it's a pretty crude and old-fashioned way to try and sucker PC users, but you only need a few to fall for it, and the exercise is worthwhile to the spammer.

pic.exe turns out to be a downloader Trojan: it fetches and executes further malicious files from the Web. First it downloads ebulker_dlfjihgsleigh.exe, which installs SecurityTool, a professional-looking but completely bogus antivirus program. The installer then makes an HTTP request to its controlling server and downloads a second malicious file, outlook.exe, which has nothing to do with the Microsoft mail client of that name.

outlook.exe is a sniffer Trojan. It drops the legitimate WinPcap libraries wpcap.dll and packet.dll into the Windows system directory, along with WinPcap's packet-capture driver npf.sys, so that it can monitor network traffic. It then watches FTP, SMTP and POP3 traffic on the infected machine and sends what it captures back to its control server. Because these three protocols transmit logins in cleartext unless TLS is in use, the captured data can include usernames and passwords as well as message contents.
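To make concrete why a host-based sniffer on ports 21, 25 and 110 is such an effective credential harvester, here is an added example (not M86's code and not the malware itself) that pulls logins out of constructed FTP, POP3 and SMTP client streams. It handles the plain USER/PASS exchange, SMTP AUTH LOGIN and AUTH PLAIN, and stops at STARTTLS, after which the stream is encrypted and yields nothing. The sample payloads are constructed for illustration, not real captures, and the same logic is what a network IDS rule for cleartext logins would match on.

```python
"""Extract cleartext logins from FTP, POP3 and SMTP client streams.

Added example, not M86's code nor the malware described on this page. It shows
why sniffing ports 21, 25 and 110 yields credentials: these protocols carry
logins in the clear unless TLS is negotiated. All payloads below are constructed.
"""
import base64
from typing import Dict, List, Optional, Tuple

# Constructed client->server payloads, one per protocol (not real captures).
SAMPLE_STREAMS: Dict[str, bytes] = {
    "ftp": b"USER alice\r\nPASS s3cret!\r\nLIST\r\n",
    "pop3": b"USER bob@example.net\r\nPASS hunter2\r\nSTAT\r\n",
    "smtp_login": (
        b"EHLO client.example.net\r\nAUTH LOGIN\r\n"
        + base64.b64encode(b"carol") + b"\r\n"
        + base64.b64encode(b"pa55word") + b"\r\n"
    ),
    "smtp_plain": b"EHLO x\r\nAUTH PLAIN "
                  + base64.b64encode(b"\x00dave\x00letmein") + b"\r\n",
    # After STARTTLS the rest of the stream is TLS; a sniffer sees only ciphertext.
    "smtp_starttls": b"EHLO x\r\nSTARTTLS\r\n\x16\x03\x01\x00\x41...",
}


def _b64(line: bytes) -> Optional[str]:
    """Strictly decode one base64 line; None if it is not valid base64."""
    try:
        return base64.b64decode(line, validate=True).decode("utf-8", "replace")
    except (ValueError, UnicodeDecodeError):  # binascii.Error is a ValueError
        return None


def extract_credentials(payload: bytes) -> List[Tuple[str, str, str]]:
    """Return (mechanism, username, password) triples found in a client stream."""
    found: List[Tuple[str, str, str]] = []
    lines = payload.split(b"\r\n")
    pending_user: Optional[str] = None
    i = 0
    while i < len(lines):
        line = lines[i]
        upper = line.upper()
        if upper.startswith(b"STARTTLS"):
            break  # everything after this point is encrypted
        if upper.startswith(b"USER "):  # FTP and POP3 share this form
            pending_user = line[5:].decode("utf-8", "replace")
        elif upper.startswith(b"PASS ") and pending_user is not None:
            found.append(("USER/PASS", pending_user,
                          line[5:].decode("utf-8", "replace")))
            pending_user = None
        elif upper.startswith(b"AUTH PLAIN "):
            decoded = _b64(line[len(b"AUTH PLAIN "):])
            if decoded is not None:
                parts = decoded.split("\x00")  # authzid \0 authcid \0 password
                if len(parts) == 3:
                    found.append(("AUTH PLAIN", parts[1], parts[2]))
        elif upper.strip() == b"AUTH LOGIN" and i + 2 < len(lines):
            user, password = _b64(lines[i + 1]), _b64(lines[i + 2])
            if user is not None and password is not None:
                found.append(("AUTH LOGIN", user, password))
                i += 2  # consume the two base64 lines
        i += 1
    return found


def harvest(streams: Dict[str, bytes]) -> Dict[str, List[Tuple[str, str, str]]]:
    """Run the extractor over every stream, keyed by stream name."""
    return {name: extract_credentials(data) for name, data in streams.items()}


if __name__ == "__main__":
    for name, creds in harvest(SAMPLE_STREAMS).items():
        print(f"{name}: {creds or 'nothing usable'}")
```

The STARTTLS branch is the defender's takeaway: a sniffer in this position gets nothing from a mail client that negotiates TLS before authenticating, so enforcing TLS on FTP (FTPS/SFTP), SMTP submission and POP3 removes most of what this Trojan exists to collect.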

Despite the old-fashioned email attachment lure, the attack conceals some sophisticated techniques for taking over a computer and exposing its owner to a potential data breach. Security vendors constantly remind users of the dangers of opening unknown attachments, especially .exe files; the more reliable control is to have the mail gateway block executable attachments outright rather than depend on users noticing the file extension.

Full details and screenshots of the message are available from M86.
