MALWARE - 'My New Photo' Emails
Emails with the subject line and text 'my new photo :)' include an attached .zip file that supposedly contains the promised image.
The attached .zip file harbours a .exe file that, if opened, can install a trojan on your computer. The criminals responsible for the emails hope that at least a few recipients will be curious or intrigued enough to open the attachment. Such social engineering tricks are a simple but effective means of distributing malware.
Identity theft is one of the fastest growing crimes in the world. Learn how to stay safe online with Hoax-Slayer's comprehensive eBook:
Subject: My photo ;)
my new photo ;) if you like my photo to send me u photo
Subject: My new photo
My new photo , send u photo ;)
Subject: Hola my photo
hola my new photo , send u photo ;)
'My new Photo' Emails Hitting Inboxes
Users around the world have reported receiving brief emails with the subject line 'My New Photo' along with a 'winking' smiley. The text of the messages repeats the subject line and invites people to send their own photo if they like the image.
The emails include an attached file titled 'photo.exe'. The supposed sender of the email is listed as one of several common female names such as Emily, Sarah, Mary and Lucy. Some include just the first name while many others also include the surname 'Love'.
Email Attachment Contains Malware
However, as users with even moderate computer security knowledge would suspect immediately, the attachment contains a malicious file
Opening the attached .zip file reveals a second file named 'photo.exe'. If users proceed to click on this .exe file, a trojan will be installed on their computers. Once installed, the trojan can create connections to servers controlled by criminals, download further malware and automatically redirect your browser to undesirable websites.
Campaign Uses Simple but Effective Social Engineering Trick
This malware attack hopes to exploit simple human curiosity and desire to trick users into opening the attachment without due caution.
The combination of female names and the suggestive winking smiley may cause at least a few naïve - or forever hopeful - males to click the attachment in the hope of discovering a salacious image.
While such simple social engineering tricks may seem quite transparent to many users, they do work. Every day, all around the world, people manage to get their computers infected by opening attachments or following links in emails just a simple as the example above.
© Depositphotos.com/ stuartmiles
Last updated: April 10, 2015
First published: September 22, 2014
By Brett M. Christensen