Windows users warned over spammed-out gadget malware attack

Windows users are at risk of having their computers infected, after a malware attack posing as an “important company update” was spammed out.

The emails, which use forged headers to pretend to come from the same domain as your email address (in other words, if your address is [email protected], the email will purport to have been sent from [email protected]), have one unusual trick up their sleeve.

Rather than the malicious file being a plain executable, or a boobytrapped Word or PDF document, the malware is attached as a .gadget file.

If you haven’t heard of gadgets before, they’re the mini-programs that can run in the Windows sidebar. Often they might provide you with a number of functions, such as a desktop clock, an RSS feed or the latest weather report.


Here is what a typical email sent in the malware campaign looks like:

Subject:

IMPORTANT – Internal Use only

Attached file:

internal_use_only.gadget

Message body:

Important Company Update
*********************************

Please read carefully the attached document

**********************************

CONFIDENTIAL NOTICE: The contents of this message, including any attachments, are confidential and are intended solely for the use of the person or entity to whom the message was addressed. If you are not the intended recipient of this message, please be advised that any dissemination, distribution, or use of the contents of this message is strictly prohibited. If you received this message in error, please notify the sender. Please also permanently delete all copies of the original message and any attached documentation. Thank you.

Jonathan French, a researcher at AppRiver, said in a blog post that they had blocked over 70,000 messages infected with the malware.

French says that a main.exe file contained inside the .gadget archive is actually a downloader, which pulls down further malicious content from the net.

Most likely this means the gadget file is a downloader for some malware that is using encryption to try to bypass filters. One of the more popular pieces of malware that uses this is the GameOver Zeus malware.
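A .gadget file is a zip archive that is expected to hold a gadget.xml manifest plus HTML, script and image files, not a native executable, so the main.exe inside this campaign's attachment is exactly the kind of member a mail gateway can flag before the message reaches a user. The following is an added illustration written for this post, not code from the article or from AppRiver: it builds a constructed message in the shape described above (forged sender on the recipient's own domain, an internal_use_only.gadget attachment whose archive contains a stub "main.exe" beginning with the PE magic bytes), then scans it. The stub payload and the example.com addresses are invented for the demonstration; the detection rules are the two points the article makes, a .gadget attachment and an executable hidden inside it.

```python
import io
import zipfile
from email import policy
from email.message import EmailMessage
from email.parser import BytesParser
from email.utils import parseaddr
from typing import List

# Member extensions that have no business inside a sidebar gadget archive.
RISKY_EXTENSIONS = {".exe", ".dll", ".scr", ".com", ".bat", ".cmd", ".vbs", ".js"}


def build_sample_gadget() -> bytes:
    """Constructed sample: a fake .gadget archive containing a stub 'main.exe'.

    The payload is only the PE magic 'MZ' followed by padding; it is not the
    malware from the campaign, just the shape the article describes."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("gadget.xml", "<gadget><name>update</name></gadget>")
        zf.writestr("main.exe", b"MZ" + b"\x00" * 62)
    return buf.getvalue()


def build_sample_email(attachment: bytes) -> bytes:
    """Constructed sample message mirroring the campaign's lure (example.com is invented)."""
    msg = EmailMessage()
    msg["From"] = "hr@example.com"  # forged to match the recipient's own domain
    msg["To"] = "alice@example.com"
    msg["Subject"] = "IMPORTANT - Internal Use only"
    msg.set_content("Important Company Update\nPlease read carefully the attached document")
    msg.add_attachment(attachment, maintype="application", subtype="octet-stream",
                       filename="internal_use_only.gadget")
    return msg.as_bytes()


def inspect_gadget(data: bytes) -> List[str]:
    """Open a .gadget attachment as a zip and report members a gadget should not carry."""
    findings = []
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return ["attachment is not a valid zip archive"]
    with zf:
        names = zf.namelist()
        if "gadget.xml" not in names:
            findings.append("no gadget.xml manifest")
        for name in names:
            if any(name.lower().endswith(ext) for ext in RISKY_EXTENSIONS):
                findings.append(f"executable member: {name}")
            # Check content, not just the name: a renamed .exe still starts with 'MZ'.
            with zf.open(name) as member:
                if member.read(2) == b"MZ":
                    findings.append(f"PE header found in: {name}")
    return findings


def scan_email(raw: bytes) -> List[str]:
    """Return gateway-style findings for one raw RFC 822 message."""
    msg = BytesParser(policy=policy.default).parsebytes(raw)
    findings = []
    from_domain = parseaddr(str(msg["From"] or ""))[1].rpartition("@")[2].lower()
    to_domain = parseaddr(str(msg["To"] or ""))[1].rpartition("@")[2].lower()
    if from_domain and from_domain == to_domain:
        # Same-domain sender is not proof of forgery on its own; it is a prompt to
        # check the SPF/DKIM results rather than trust the From header.
        findings.append(f"sender domain matches recipient domain ({from_domain}); verify SPF/DKIM")
    for part in msg.iter_attachments():
        filename = part.get_filename() or ""
        if filename.lower().endswith(".gadget"):
            findings.append(f".gadget attachment: {filename}")
            findings.extend(inspect_gadget(part.get_payload(decode=True)))
    return findings


if __name__ == "__main__":
    for line in scan_email(build_sample_email(build_sample_gadget())):
        print(line)
```

Run as a script it prints four findings for the constructed message: the same-domain sender, the .gadget attachment, the executable member name, and the PE header found by content. In a real gateway the content check matters more than the name check, since an attacker controls the filename but not the first two bytes of a Windows executable.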

Clearly that’s not something you want running on your computer.

From time to time people claim that the days of malware being spammed out en masse are over, but clearly that’s not the case.

It may be that more and more attacks work hard to not draw attention to themselves, but there are still cybercriminals out there who are more than happy to blast out their malicious code in the hope that at least a small percentage of people will click on the attachment and infect their computers.


Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

One comment on “Windows users warned over spammed-out gadget malware attack”

  1. Chris Thomas

    You only need to look here:
    http://support.microsoft.com/kb/2719662

    This fixit has been available for years.
