The staff members of an unnamed defense contractor have been receiving spam emails which attempt to trick them into opening an attachment that allegedly holds adult pictures of a Japanese model, Sophos experts report.
Entitled “If you want [adult] picture,” the messages come with a .rar file that stores a number of adult photographs of the young lady, a document, and a screensaver.
While there’s nothing malicious about the pictures, the .scr file is actually a piece of malware identified as
Mal/Behav-043.
The .doc file hides a Trojan known as
Troj/DocDrop-AF which leverages a vulnerability in Windows Common Controls to push additional malicious elements onto the target device.
This particular security hole - CVE-2012-0158 – was
patched by Microsoft back in April. However, many users fail to apply software updates on time, in some situations leaving their digital assets exposed for years on end.
Find us on Google+
No user comments yet.
Be the first to express your opinion!
