This spammed message assumes that a guilty or curious user will try to open the attached image that the sender will send to the user’s spouse. The spam claims to have come from a hotel, further supporting the scammer's story. The .ZIP file attachment name, DCIM.zip, is also named like how camera photos are named.

The attachment drops a worm malware to the user system when opened. Trend Micro detects and blocks the malware recognized to be WORM_CRIDEX.TN. The worm copies itself to all attached removable drives and connects to URLS that can also drop malicious files to the system.

Users should be careful of opening attachments from unknown senders, regardless of the scare tactics used.

 Data/Hora do bloqueio de spam: 12 julho 2012 GMT-8
 TMASE
  • Versão do mecan
  • Patrón TMASE: 9036

Arquivo correspondente