DSC0173519.zip – spammed out malware attack poses as photo attachment

A stranger emails you out of the blue, offering you a digital photo of themselves.

What do you do?

Don’t risk it – and chuck the email straight in the trashcan?

or

Take a careful look at the email, to try to weigh up the chances of it being a malicious attack?

or

Open the attachment straight away – after all, the chances of peeking at a salacious photograph outweigh the consequences of a malware infection?

Here are the details of just such an email which has been spammed around the world:

Subject: I'm going to send you the Photos in
Attached file: DSC0173519.zip

Message body:
Hello Man,

I don't know how to say it, but I've tryed before a long time to send you some photos, but I've thought that you aren't interested to see me.
But now I'm going to send you the Photos in the Attachment.
Download the pictures and extract they, I'm sure that you will like they.
The password is: 123456

Have a great day.

The messages have one attachment, called DSC0173519.zip. The ZIP file is encrypted (presumably in an attempt to defeat anti-virus products running at the email gateway – sorry Mr Cybercriminal, that didn’t stop Sophos) with the password mentioned in the body of the email.

Within the ZIP is an executable file, DSC0173519.exe, which Sophos proactively detects as Mal/Behav-043.
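A gateway does not need the password to see what such an archive holds, because ZIP encryption of this kind leaves member names and the per-file encryption flag readable. The Python sketch below is an added example, not Sophos's detection logic or code from the original post; the function names, extension list and quarantine rule are assumptions, and the sample archive is constructed with placeholder bytes and an encryption flag set by hand.

```python
import io
import re
import zipfile

# Assumed policy list: member types a photo attachment has no reason to contain.
EXECUTABLE_EXT = (".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs")
PASSWORD_RE = re.compile(r"pass(?:word|code)?\s*(?:is)?\s*[:=]\s*(\S+)", re.I)

# Lines taken from the email quoted in the post.
SAMPLE_BODY = ("But now I'm going to send you the Photos in the Attachment.\n"
               "The password is: 123456\n")


def triage(zip_bytes, body):
    """Inspect a ZIP attachment without decrypting it; return the findings."""
    found = {"encrypted": [], "executables": []}
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            # Bit 0 of the general-purpose flags marks an encrypted member.
            if info.flag_bits & 0x1:
                found["encrypted"].append(info.filename)
            # Member names stay readable even when the data is encrypted.
            if info.filename.lower().endswith(EXECUTABLE_EXT):
                found["executables"].append(info.filename)
    # A password sent next to the archive it unlocks protects nothing.
    found["passwords"] = PASSWORD_RE.findall(body)
    found["quarantine"] = bool(found["executables"]) or bool(
        found["encrypted"] and found["passwords"])
    return found


def build_sample():
    """Constructed stand-in for the attachment (placeholder bytes, no malware)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:
        zf.writestr("DSC0173519.exe", b"constructed placeholder bytes")
    raw = bytearray(buf.getvalue())
    # Set the encryption flag by hand: zipfile cannot write encrypted archives.
    raw[6] |= 0x01                              # local file header flags
    raw[raw.find(b"PK\x01\x02") + 8] |= 0x01    # central directory flags
    return bytes(raw)


if __name__ == "__main__":
    print(triage(build_sample(), SAMPLE_BODY))
```
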

If you’re not protected by Sophos and make the mistake of running the program, it will drop another file onto your hard drive, which Sophos detects as the Troj/Agent-REX spyware Trojan horse.

In other words, your Windows computer is now infected with malware and a remote hacker could be stealing information from your PC, all because you were tricked into thinking a complete stranger had sent you their digital photograph.

It may be the 21st century, but with social engineering tricks so easily fooling users into making poor decisions, maybe we’re kidding ourselves in believing we live in an enlightened world.