Cybercriminals hope users will be curious to find out what's inside the "PDF" file

Oct 7, 2013 11:06 GMT

If you come across an email titled something like “Message 20131007,” be careful: it might be part of a malware distribution campaign.

The emails spotted by experts from MX Lab carry a file called “P7469984985.Print.pdf.exe.” The body of the message contains a line of dots and a signature that reads “Sent from my iPhone.”

What’s interesting is that the emails, at least the ones analyzed by MX Lab, appear to come from a Tiscali.co.uk address. The UK television service Tiscali was acquired by TalkTalk back in 2009, and the tiscali.co.uk domain currently redirects users to TalkTalk’s official website.

As you can see, the file that’s attached to the emails is an executable. However, the cybercriminals hope to trick recipients into thinking that it’s actually a PDF document.

The Trojan can download other malicious elements from the Internet. When it was first spotted, none of the antivirus engines on VirusTotal detected it as a threat.
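Since no antivirus engine flagged the attachment at first, a mail filter can still catch the lure by looking at the attachment name and its leading bytes. The following Python is an added example, not part of the original article or MX Lab's analysis; the extension lists, the function names and the sample message are assumptions constructed for illustration.

```python
import email
from email import policy
from email.message import EmailMessage

# Assumed lists for illustration; tune them to your own mail policy.
EXECUTABLE_EXTS = {"exe", "scr", "com", "pif", "bat", "cmd"}
DECOY_EXTS = {"pdf", "doc", "docx", "xls", "xlsx", "jpg", "png", "txt", "zip"}


def masquerade_reasons(filename, payload):
    """Return the reasons an attachment looks like an executable posing as a document."""
    reasons = []
    # Windows ignores trailing dots and spaces, so drop them before splitting.
    parts = filename.strip().rstrip(". ").lower().split(".")
    final_ext = parts[-1] if len(parts) > 1 else ""
    if final_ext in EXECUTABLE_EXTS:
        reasons.append("executable extension ." + final_ext)
        if any(p.strip() in DECOY_EXTS for p in parts[1:-1]):
            reasons.append("document extension hidden before ." + final_ext)
    # PE executables start with 'MZ'; a real PDF starts with '%PDF-'.
    if payload[:2] == b"MZ" and final_ext not in EXECUTABLE_EXTS:
        reasons.append("MZ header behind a non-executable name")
    return reasons


def scan_message(raw_bytes):
    """Map each suspicious attachment name in a raw message to its reasons."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    findings = {}
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        data = part.get_payload(decode=True) or b""
        reasons = masquerade_reasons(name, data)
        if reasons:
            findings[name] = reasons
    return findings


def build_sample():
    """Constructed message: subject, body and file name follow the article; payload is inert."""
    m = EmailMessage()
    m["Subject"] = "Message 20131007"
    m.set_content("..........\nSent from my iPhone\n")
    m.add_attachment(b"MZ" + b"\x00" * 62, maintype="application",
                     subtype="octet-stream", filename="P7469984985.Print.pdf.exe")
    return m.as_bytes()
```

Calling `scan_message(build_sample())` returns the attachment name with both filename reasons; the `MZ` check covers the separate case where an executable is simply renamed to end in `.pdf`.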