Updated Have you received a curt email in the last 24 hours with a mysterious attachment called Changelog_07.06.20010.zip? If so, you could be at risk of falling victim to the latest attack launched by malicious hackers.
Poisoned emails have been spammed out worldwide, posing as a legitimate communication.
Typical emails have the following characteristics:
Subject: Changelog 07.06.2010
Message body:

Good afternoon,
as promised,
<Name>

or

Dear customers,
as promised,
<Name>

or

Good morning,
as promised,
<Name>

or

Good day,
as promised,
<Name>

Attached file: Changelog_07.06.20010.zip
where <name> is the first name of the supposed sender of the email. In other words, if the from address says that the message was from “Peter Bathurst” then the email will be signed “as promised, Peter”.
The intention of all this subterfuge, of course, is to trick you into opening the attachment – perhaps in the hope that you will be able to ascertain what the communication is all about (especially as there is such scant information in the message itself).
As regular readers of the Clu-blog will no doubt have guessed, the attachment is designed to infect your computer. Sophos detects the file as Mal/BredoZp-B and Mal/Zbot-U.
What’s curious, perhaps, is that the subject line (which is presumably designed to match yesterday’s date – 7th June 2010) doesn’t match the filename, which has a seemingly superfluous zero in the year (Changelog_07.06.20010.zip). I can only imagine that the hackers behind this malicious campaign had buttery fingers and stumbled as they were creating their attack.
Don’t forget the old adage that curiosity killed the cat. Similarly, careless clicking on unsolicited email attachments could lead to the downfall of your data.
Update I’m now seeing some versions of this attack where the hackers *are* using the “correct” filename of Changelog_07.06.2010.zip.
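The traits described in this post (subject line, terse body signed with the sender's first name, and both attachment filenames) can be checked mechanically at a mail gateway or in a mailbox sweep. The Python below is an added example, not Sophos code: it generalizes the date to any dd.mm.yyyy value, and the sample message, its example.com address, the function name and the indicator labels are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

GREETINGS = {"good afternoon,", "dear customers,", "good morning,", "good day,"}
SUBJECT_RE = re.compile(r"^Changelog \d{2}\.\d{2}\.\d{4}$")
# Both reported attachment names: the 5-digit year typo and the corrected one.
ATTACH_RE = re.compile(r"^Changelog_\d{2}\.\d{2}\.(\d{4,5})\.zip$", re.I)

# Constructed sample message (example.com sender, placeholder attachment bytes).
SAMPLE = """\
From: Peter Bathurst <peter@example.com>
Subject: Changelog 07.06.2010
Content-Type: multipart/mixed; boundary="b1"

--b1

Good afternoon,
as promised,
Peter

--b1
Content-Type: application/zip
Content-Disposition: attachment; filename="Changelog_07.06.20010.zip"

AAAA
--b1--
"""

def campaign_indicators(raw):
    """Return the set of campaign traits found in one raw e-mail message."""
    msg = message_from_string(raw)
    hits = set()
    if SUBJECT_RE.match((msg.get("Subject") or "").strip()):
        hits.add("subject")
    first_name = (parseaddr(msg.get("From", ""))[0].split() or [""])[0].lower()
    for part in msg.walk():
        filename = part.get_filename()
        m = ATTACH_RE.match(filename) if filename else None
        if m:
            hits.add("attachment")
            if len(m.group(1)) == 5:
                hits.add("year_typo")
        elif not filename and part.get_content_type() == "text/plain":
            text = part.get_payload(decode=True).decode("utf-8", "replace")
            lines = [ln.strip().lower() for ln in text.splitlines() if ln.strip()]
            if (lines and lines[0] in GREETINGS
                    and lines[1:] == ["as promised,", first_name]):
                hits.add("body_signed_as_sender")
    return hits
```

A message that matches several indicators at once is a much stronger signal than any single one, since a zip attachment or a short greeting alone is common in legitimate mail.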