Windows users are at risk of having their computers infected, after a malware attack posing as an “important company update” was spammed out.
The emails, which use forged headers to pretend to come from the same domain as your email address (in other words, if you have an email of email@example.com the email will purport to have been sent from Administrator@example.com) have one unusual trick up their sleeve.
Rather than the malicious file being a plain executable, or a boobytrapped Word or PDF document, the malware is attached as a .gadget file.
If you haven’t heard of gadgets before, they’re the mini-programs that can run in the Windows sidebar. Often they might provide you with a number of functions, such as a desktop clock, an RSS feed or the latest weather report.
Here is what a typical email sent in the malware campaign looks like:
IMPORTANT – Internal Use only
Important Company Update
Please read carefully the attached document
CONFIDENTIAL NOTICE: The contents of this message, including any attachments, are confidential and are intended solely for the use of the person or entity to whom the message was addressed. If you are not the intended recipient of this message, please be advised that any dissemination, distribution, or use of the contents of this message is strictly prohibited. If you received this message in error, please notify the sender. Please also permanently delete all copies of the original message and any attached documentation. Thank you.
Jonathan French, a researcher at AppRiver, said in a blog post that they had blocked over 70,000 messages infected with the malware.
French says that a main.exe file contained inside the .gadget archive is actually a downloader, which pulls down further malicious content from the net.
Most likely this means the gadget file is a downloader for some malware that is using encryption to try and bypass filters. One of the more popular pieces of malware that uses this is the GameOver Zeus malware.
Clearly that’s not something you want running on your computer.
From time to time people claim that the days of malware being spammed out en-masse are over, but clearly that’s not the case.
It may be that more and more attacks work hard to not draw attention to themselves, but there are still cybercriminals out there who are more than happy to blast out their malicious code in the hope that at least a small percentage of people will click on the attachment and infect their computers.
Found this article interesting? Follow Graham Cluley on Twitter to read more of the exclusive content we post.