Windows users warned over spammed-out gadget malware attack

Windows users are at risk of having their computers infected, after a malware attack posing as an "important company update" was spammed out.

The emails, which use forged headers to pretend to come from the same domain as your own email address (in other words, if your address is fred@example.com, the email will purport to have been sent from Administrator@example.com), have one unusual trick up their sleeve.

Rather than the malicious file being a plain executable, or a booby-trapped Word or PDF document, the malware is attached as a .gadget file.

If you haven't heard of gadgets before, they're the mini-programs that can run in the Windows sidebar. Often they might provide you with a number of functions, such as a desktop clock, an RSS feed or the latest weather report.

Here is what a typical email sent in the malware campaign looks like:

Subject: IMPORTANT - Internal Use only

Attached file: internal_use_only.gadget

Message body:

Important Company Update
*********************************

Please read carefully the attached document

**********************************

CONFIDENTIAL NOTICE: The contents of this message, including any attachments, are confidential and are intended solely for the use of the person or entity to whom the message was addressed. If you are not the intended recipient of this message, please be advised that any dissemination, distribution, or use of the contents of this message is strictly prohibited. If you received this message in error, please notify the sender. Please also permanently delete all copies of the original message and any attached documentation. Thank you.

Jonathan French, a researcher at AppRiver, said in a blog post that they had blocked over 70,000 messages infected with the malware.

French says that a main.exe file contained inside the .gadget archive is actually a downloader, which pulls down further malicious content from the net.

Most likely this means the gadget file is a downloader for some malware that is using encryption to try to bypass filters. One of the more popular pieces of malware that uses this technique is the GameOver Zeus malware.

Clearly that's not something you want running on your computer.
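The two tell-tale signs described above, a From address that borrows the recipient's own domain and a .gadget attachment carrying an executable, can be checked at the mail gateway. The following is an added example, not code from the article or from AppRiver; it assumes a .gadget file is a zip package (which is how Windows gadgets are packaged) and builds a constructed sample message with placeholder bytes in place of the real main.exe.

```python
import io
import zipfile
from email.message import EmailMessage
from email.utils import parseaddr

# File name suffixes we treat as executable content inside a gadget package.
EXEC_SUFFIXES = (".exe", ".dll", ".scr", ".com")


def suspicious_findings(msg: EmailMessage) -> list[str]:
    """Return reasons a message matches the .gadget spam pattern (empty list if none)."""
    findings = []
    # Forged-header check: the sender claims to be in the recipient's own domain.
    _, sender = parseaddr(msg.get("From", ""))
    sender_domain = sender.rpartition("@")[2].lower()
    for _, rcpt in (parseaddr(a) for a in msg.get_all("To", [])):
        if sender_domain and sender_domain == rcpt.rpartition("@")[2].lower():
            findings.append(f"From domain matches recipient domain ({sender_domain}); header may be forged")
            break
    # Attachment check: a .gadget is a zip package; flag one that ships an executable.
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        if not name.endswith(".gadget"):
            continue
        payload = part.get_payload(decode=True) or b""
        if not zipfile.is_zipfile(io.BytesIO(payload)):
            findings.append(f"{name}: not a valid zip package")
            continue
        with zipfile.ZipFile(io.BytesIO(payload)) as zf:
            exes = [n for n in zf.namelist() if n.lower().endswith(EXEC_SUFFIXES)]
        if exes:
            findings.append(f"{name}: gadget package contains executable(s) {exes}")
    return findings


def build_sample_message() -> EmailMessage:
    """Construct a message mimicking the campaign (sample data, not a real capture)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("gadget.xml", "<gadget/>")       # manifest a genuine gadget would carry
        zf.writestr("main.exe", b"MZ" + b"\0" * 62)  # placeholder bytes, not a real binary
    msg = EmailMessage()
    msg["From"] = "Administrator@example.com"
    msg["To"] = "fred@example.com"
    msg["Subject"] = "IMPORTANT - Internal Use only"
    msg.set_content("Important Company Update\nPlease read carefully the attached document")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="octet-stream",
                       filename="internal_use_only.gadget")
    return msg
```

Running `suspicious_findings(build_sample_message())` reports both the same-domain From header and the main.exe inside the package; a message with neither trait yields an empty list.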

From time to time people claim that the days of malware being spammed out en masse are over, but clearly that's not the case.

It may be that more and more attacks work hard to not draw attention to themselves, but there are still cybercriminals out there who are more than happy to blast out their malicious code in the hope that at least a small percentage of people will click on the attachment and infect their computers.


One Response

  1. Chris Thomas

    May 20, 2014 at 10:56 am

    You only need to look here: –
    http://support.microsoft.com/kb/2719662

    This fixit has been available for years.
