Bastille Day malware spammed out to French computer users

French flag and keyboardJuly 14th is a big day in the French calendar as it celebrates the anniversary of the storming of the Bastille in 1789.

Concerts and parades are held to celebrate La Fête Nationale, marking what is considered the birth of the modern French nation.

July 14th is just a couple of days away, of course. But that doesn’t mean that there isn’t still time to decide what you’re going to do if you want to celebrate Bastille Day.

And it doesn’t mean that there’s not an opportunity for malware authors to take advantage.

Sign up to our free newsletter.
Security news, advice, and tips.

Here’s one of a wave of spam messages being sent out to French email addresses, and intercepted by the experts in SophosLabs:

Bastille Day malicious email

Subject: Bastille Day

Attached file: BastilleDay.rar

Message body:
Bastille Day activities .See the attachment.

The attachment is, of course, malicious.

Inside the RAR archive attached to the emails is a file called

short-BASTIL_1.SCR

which has a text Notepad icon. That will be enough to probably fool many people into believing that it is a harmless text file.

Opening the SCR file (which Sophos detects as Troj/Mdrop-DPB) drops another file called WindowsUpdate.exe onto your computer and displays the following message in Notepad.

This is clearly designed to continue the illusion that you have only opened a harmless TXT file.

Bastille Day malware text

Bastille Day Festival Just Several days Away

Don't forget to mark your calendar for the biggest French festival of the year -- the 9th Annual Bastille Day festival on July 10, 2011, from noon to 8:00 p.m.

The festival features live music all day long, with an evening headliner act of "Le Jazz" with the Patrick Lamb Band as well as performances by the Portland Ballet and Portland Opera.

The popular beer and wine garden will feature Lillet apéritifs, Kronenbourg beer, and Georges Duboeuf wine; look for a whole block of food booths as well.

Visitors will enjoy shopping the crafts and vendor booths and handcrafted items, including original art. Children will enjoy the kids activity area, where they can do crafts, spin the wheel for prizes, learn how to play pétanque, or how to hula hoop.

Sophos detects the WindowsUpdate.exe malware dropped on victims' computers as Troj/Agent-SNH.

What's strange about their entire attack is that it is clearly targeting French people, but is the social engineering is conducted entirely in English. You have to think that the malicious hackers behind the campaign would have been more successful if they had used French language throughout.

Whether you're a Francophile or not, don't let malware rain on your parade. Always be suspicious of unsolicited email attachments that are emailed to you out of the blue, and ensure that you have defences in place to protect against the threats of malware and spam.


Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.