Beware Changelog spammed-out malware attack

Graham Cluley
Graham Cluley
@[email protected]

Internet users are receiving emails claiming to contain a changelog – but the files attached are really designed to infect computers.

Here’s what a typical email looks like, although the precise wording can vary.

Malware attack

Subject: Re: Your Changelog

Sign up to our free newsletter.
Security news, advice, and tips.

Message body:
Good day,
as promised chnglog attached (Open with Internet Explorer)

The subject lines and attachment names can also be different from email to email – here’s a small selection.

Malware attack

What’s important is that you don’t click on the attached .HTM file.

If you do, your browser will try to run the malicious script contained within.

Malware attack

You will see a message saying:

You are redirecting
Loading... Wait please...

But there’s more to this file than meets the naked eye. If you examine the file’s code you can see the script it is running in the background:

Malware attack

Sophos detects the malicious attachment as Mal/Iframe-W and further malware it attempts to execute via third party websites as Troj/PDFEx-ET and Mal/ExpJS-AA.

Mal/Iframe-W is no stranger to us at SophosLabs, for months we have encountered it regularly on compromised websites,. This latest attack, however, appears to be evidence that the same scripts are also being used in spam redirects.

Remember to keep your anti-virus protection up-to-date and your wits about you. Unsolicited emails inviting you to open an unknown attachment are commonly used by internet criminals to trick you into running malicious code on your computer.

Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.