This piece of malware is often seen on compromised sites

Feb 22, 2012 14:25 GMT

Sophos researchers identified a series of spam emails that promise the recipient a changelog, but instead they deliver a piece of malware that’s often found on compromised websites.

The confusing emails, bearing the subject “Your Changelog”, come in various forms, but none of them gives any indication of the so-called changelog’s purpose.

“Good day, as promised chnglog attached (Open with Internet Explorer),” reads one version.

The .htm file that’s attached to these messages apparently does nothing except display text that reads “Loading..Wait please…”. While nothing seems to be happening in the foreground, in the background the Mal/Iframe-W malware executes other malicious elements, including Troj/PDFEx-ET and Mal/ExpJS-AA.
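A mail-triage check for the attachment pattern described above, as an added example (not code from Sophos or from the original article): it flags HTML attachments that carry active-content tags and reports how little text they display. The tag list is an assumed heuristic, and the file name `changelog.htm`, the iframe attributes and the `example.invalid` URL in the sample are constructed.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage
from html.parser import HTMLParser

ACTIVE_TAGS = {"iframe", "script", "object", "embed"}  # assumed heuristic list

class AttachmentScan(HTMLParser):
    """Records active-content tags and the text a reader would actually see."""
    def __init__(self):
        super().__init__()
        self.active, self.visible, self._in_code = [], [], False

    def handle_starttag(self, tag, attrs):
        if tag in ACTIVE_TAGS:
            self.active.append(tag)
        self._in_code = tag in ("script", "style")  # their text is not displayed

    def handle_endtag(self, tag):
        self._in_code = False

    def handle_data(self, data):
        if data.strip() and not self._in_code:
            self.visible.append(data.strip())

def triage(raw: bytes) -> list:
    """Return one finding per HTML attachment that carries active content."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        if not name.endswith((".htm", ".html")) and part.get_content_type() != "text/html":
            continue
        body = part.get_content()  # bytes if sent as application/octet-stream
        scan = AttachmentScan()
        scan.feed(body.decode("utf-8", "replace") if isinstance(body, bytes) else body)
        scan.close()
        if scan.active:
            findings.append({"file": name, "active": scan.active, "visible": " ".join(scan.visible)})
    return findings

def sample_message() -> bytes:
    """Constructed sample; only the subject and quoted texts come from the article."""
    msg = EmailMessage()
    msg["Subject"] = "Your Changelog"
    msg.set_content("Good day, as promised chnglog attached (Open with Internet Explorer)")
    html = ("<html><body>Loading..Wait please...<iframe src='http://example.invalid/'"
            " width='1' height='1'></iframe></body></html>")
    msg.add_attachment(html, subtype="html", filename="changelog.htm")
    return msg.as_bytes()
```

Calling `triage(sample_message())` returns a single finding for `changelog.htm`; a short placeholder text combined with an active tag is the signal worth escalating to a sandbox or an AV scan.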

Users are advised to be on the lookout for similar messages and ignore their claims. If by mistake you’ve already opened the .htm file, make sure that you run a full system scan using an updated security solution before it’s too late.

Update. One of our readers pointed out that the Iframe malware exploits an error that exists in certain Windows versions of the Safari web browser. More details on this issue can be found here.