Beware ‘Your log 05.07.2010’ emails – they carry malware

Malicious hackers are spamming out emails around the world disguised as a changelog, with the intention of infecting recipient’s Windows computers with the attachment.

Malicious email message

A typical email reads as follows, although there can be minor variations in the message body:

Subject: Your log 05.07.2010

Sign up to our free newsletter.
Security news, advice, and tips.

Message body:
Dear Customers,
as promised your changelog is attached,

Attached file:

The emails, by the way, are always signed off by the first name of the person who is mentioned in the message’s from: field. That field is, of course, forged – it’s not really that person who sent you the email so don’t blame them if you get infected!

Clearly the attachment’s filename has been chosen to make the email seem more timely, and the hackers are banking on users who receive the message being inquisitive enough to open the file to see what it is regarding. Once again, that would be a bad decision – don’t forget that curiousity killed the cat.

Sophos proactively detects the attached file as Mal/BredoZp-B.

Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.