Malicious hackers are spamming out emails around the world disguised as a changelog, with the intention of infecting recipient’s Windows computers with the attachment.
A typical email reads as follows, although there can be minor variations in the message body:
Subject: Your log 05.07.2010
as promised your changelog is attached,
Attached file: Changelog_05_07_2010.zip
The emails, by the way, are always signed off by the first name of the person who is mentioned in the message’s from: field. That field is, of course, forged – it’s not really that person who sent you the email so don’t blame them if you get infected!
Clearly the attachment’s filename has been chosen to make the email seem more timely, and the hackers are banking on users who receive the message being inquisitive enough to open the file to see what…
Read more in my article on the Naked Security website.
Found this article interesting? Follow Graham Cluley on Twitter or Mastodon to read more of the exclusive content we post.