The latest example, discovered by researchers at Web security vendor M86 Security, is superficially crude but contains a whole package of malware with which to infect the unfortunate user.
The message usually comes with a subject line: "Hi my love," and offers to display naked pictures. All the user has to do is click on the "pic.exe" attachment.
As M86 Threat Analyst Rodel Mendrez admits, it's a pretty crude and old-fashioned way to try and sucker PC users, but you only need a few to fall for it, and the exercise is worthwhile to the spammer.
It turns out that pic.exe is a downloader Trojan that fetches and executes malicious files from the Web. It then goes on to download ebulker_dlfjihgsleigh.exe, which installs SecurityTool, an impressive-looking but completely bogus antivirus program. The installer then sends out an HTTP request to its controlling server and downloads a second malicious file called outlook.exe.
Outlook.exe is a sniffer Trojan that drops two legitimate files, wpcap.dll and packet.dll, in the Windows system directory, along with the packet filter driver npf.sys, in order to monitor network traffic. It then monitors FTP, SMTP and POP3 traffic on the infected machine and sends the captured data, which can include user credentials and other useful information, back to its control server.
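As an added example (not from the article or from M86), the following Python triage script applies the indicators the article names to constructed endpoint events: it flags a process running from a user-writable directory that writes or loads the packet-capture components (wpcap.dll, packet.dll, npf.sys) or carries one of the dropped file names, while leaving a capture tool or the real Microsoft Outlook installed under Program Files alone. The event line format, the sample paths and the user-writable directory markers are assumptions.

```python
import ntpath

# Constructed sample events (assumption, not from the article) modelling the chain
# it describes. Assumed line format: event_type|process_image|target_path
SAMPLE_EVENTS = [
    r"file_write|C:\Users\bob\AppData\Local\Temp\pic.exe|C:\Users\bob\AppData\Local\Temp\ebulker_dlfjihgsleigh.exe",
    r"file_write|C:\Users\bob\AppData\Local\Temp\outlook.exe|C:\Windows\System32\wpcap.dll",
    r"file_write|C:\Users\bob\AppData\Local\Temp\outlook.exe|C:\Windows\System32\packet.dll",
    r"driver_load|C:\Users\bob\AppData\Local\Temp\outlook.exe|C:\Windows\System32\drivers\npf.sys",
    r"file_write|C:\Program Files\Wireshark\Wireshark.exe|C:\Windows\System32\wpcap.dll",
    r"file_write|C:\Program Files\Microsoft Office\OUTLOOK.EXE|C:\Users\bob\AppData\Local\Microsoft\Outlook\bob.ost",
]

CAPTURE_COMPONENTS = {"wpcap.dll", "packet.dll", "npf.sys"}  # files the article names
DROPPED_NAMES = {"pic.exe", "ebulker_dlfjihgsleigh.exe", "outlook.exe"}
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\downloads\\")  # assumed path markers


def parse_event(line):
    """Split one event line into (event type, process image, target path)."""
    kind, proc, target = line.strip().split("|", 2)
    return kind, proc, target


def classify(line):
    """Return (severity, reason) for a suspicious event, or None for benign ones."""
    kind, proc, target = parse_event(line)
    proc_name = ntpath.basename(proc).lower()
    target_name = ntpath.basename(target).lower()
    # A process image under a user-writable directory is the key discriminator:
    # the real OUTLOOK.EXE or a capture tool normally lives under Program Files.
    if any(marker in proc.lower() for marker in USER_WRITABLE):
        if target_name in CAPTURE_COMPONENTS:
            return ("high", f"{proc_name} from a user-writable path: {kind} of {target_name}")
        if proc_name in DROPPED_NAMES:
            return ("medium", f"{proc_name} matches a campaign file name and runs from a user-writable path")
    if kind == "driver_load" and target_name == "npf.sys":
        return ("low", f"packet filter driver npf.sys loaded by {proc_name}; confirm a capture tool is expected")
    return None


def scan(lines):
    """Return (severity, process image, reason) for every suspicious event."""
    findings = []
    for line in lines:
        verdict = classify(line)
        if verdict is not None:
            findings.append((verdict[0], parse_event(line)[1], verdict[1]))
    return findings


if __name__ == "__main__":
    for severity, proc, reason in scan(SAMPLE_EVENTS):
        print(f"[{severity}] {proc}: {reason}")
```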
Despite resembling an old-style email attachment virus, the attack conceals some sophisticated techniques for taking over a computer and exposing it to a potential data breach. Security vendors constantly remind users of the dangers of opening unknown attachments – especially .exe files.
Full details and screenshots of the message are available from M86.