Updated The malicious spam campaign I have blogged about for the last few days has morphed again, adopting a range of new disguises.
The most prevalent messages SophosLabs is intercepting claim to come from Skype with the subject line “We’ve delivered your purchase” and have an attached file called (rather unimaginatively) file.html.
Opening the attached file, which Sophos detects as Troj/JSRedir-BO, redirects your browser to a Canadian pharmacy website selling online drugs such as Viagra and Cialis. As you’re winging your way to that online drugstore, however, you can also be hit by an exploit which attempts to load a booby-trapped PDF and slap you with an infected EXE file via some Java exploits.
As in the…
Read more in my article on the Naked Security website.