This spammed message assumes that a guilty or curious user will try to open the attached image that the sender will send to the user’s spouse. The spam claims to have come from a hotel, further supporting the scammer's story. The .ZIP file attachment name, DCIM.zip, is also named like how camera photos are named.

The attachment drops a worm malware to the user system when opened. Trend Micro detects and blocks the malware recognized to be WORM_CRIDEX.TN. The worm copies itself to all attached removable drives and connects to URLS that can also drop malicious files to the system.

Users should be careful of opening attachments from unknown senders, regardless of the scare tactics used.

 Spam gesperrt am/um:: 12 Juli 2012 GMT-8
 TMASE
  • TMASE Engine::
  • Patrón TMASE: 9036

Zugehörige Datei