back to article Not your father's spam: Trojan slingers attach badness to attachment WITHIN attachment

Cybercrooks are upping the ante by loading malware as an attachment inside another attachment in a bid to slip past security defences. A new variant of the Upatre Trojan comes bundled in spammed messages that imitate emails from known banks such as Lloyds Bank and Wells Fargo. The .MSG file of the malicious emails contains …

COMMENTS

This topic is closed for new posts.
  1. Cirdan
    Linux

    Can I get pwned by ZeuS...

    ...if I'm running Linux Mint? No WINE?

    Oh. Good, then.

    So Grandma's safe from this, too?

    Super.

    Just checking.

    ;-)

    (The part of EADON today was played by...)

    ...Cirdan...

    1. Steven Raith

      Re: Can I get pwned by ZeuS...

      ....and Rex Harrison as Abraham Lincoln.

      This recursion trick obviously works - it got through our paranoid-configured Purity spam/AV filter, which is otherwise imrpessively robust.

      Cheeky.

      1. Semtex451

        Re: This recursion trick obviously works

        Scary. I'll alert what I call, the mail room.

      2. Grifter

        Re: Can I get pwned by ZeuS...

        Hamilton.

    2. RyokuMas Silver badge
      Coat

      Re: Can I get pwned by ZeuS...

      You forgot to sign off with "[insert obligatory Microsoft-related item here in caps] FAIL"...

      Therefore: EADON IMPRESSION FAIL!

      1. Anonymous Coward
        Anonymous Coward

        Re: Can I get pwned by ZeuS... The horror... the horror...

        Ban-hammered, nuked, and blacklisted, Eadon still continues to troll El Reg from beyond the grave.

        Somewhere, in an underfunded public library, sitting at an ancient P3 Compaq running Windows 98, He smiles.

  2. Simon Harris
    Facepalm

    Password protected...

    The Trend Micro site says:

    ... cybercriminals soon upped the ante by using password-protected archives as email attachments. The email includes the password as well as instructions on how to use the contents of the attachment. The use of passwords is highly notable as it adds a sense of legitimacy and importance to the message.

    So they're supposedly sending a password protected archive as an attachment and including the password and instructions in the same email, and that's supposed to give it a sense of legitimacy?

    1. Joe Harrison

      Re: Password protected...

      Yes because the encryption is military grade

    2. ecofeco Silver badge

      Re: Password protected...

      "So they're supposedly sending a password protected archive as an attachment and including the password and instructions in the same email, and that's supposed to give it a sense of legitimacy?"

      Having spent the last xx years working with your average user, the answer is "yes".

      I'll say it again, why we, the folks on the bleeding edge of computing, expect the average person to understand the most complicated device ever invented in mankind's history and become as proficient with it as we are, is beyond me.

      That is why smart phone sales exploded. Compared to your average PC, they are very easy to use. It's also why Apple is still around. It's why tablet sales are so good.

      PC basics, like basic personal finances, should be REQUIRED classes in grade school. That alone would prevent much of the fraud perpetuated on the average person.

      Although it might interfere with business profits.

  3. Tony W

    Don't expect software to save you

    Security software is sold with the false promise that it will virtually guarantee safety. People need to learn that it won't, and to be very paranoid, because they really are out to get us.

    It would help to ban zip files as email attachments, they are almost only used by spammers (and people who mistakenly put incompressible files in them.) Apart from that, people need to learn to look both ways before opening an email as they do (well, should) when crossing the road. I've nearly been caught a few times but have learned to ask myself a couple of simple questions:

    "Why would xxx (HMRC or whoever) make me open an attachment to find what it's about, rather than put more information in the body of the email?"

    "Could I check the information on their web site instead?"

    There's no hope for those who think they might have won a lottery that they haven't entered, but it is possible to train reasonably smart people to be a lot more cautious, and it pays dividends in reduced calls to sort out infected systems.

    1. Joe Harrison

      Re: Don't expect software to save you

      Zip files are handy if you want to send 400 small jpgs to someone by email. I know this because gmail does not let you attach them grr

    2. I ain't Spartacus Gold badge

      Re: Don't expect software to save you

      I regularly get zipped files emailed to me. It's common in the construction industry, where tender documents can get pretty huge.

      Although I've noticed lots of links to Dropbox going round in the last 6 monnths, so maybe the zips aren't getting through corporate mail scanners anymore.

    3. Anonymous Coward
      Anonymous Coward

      'Security software is sold with the false promise that it will virtually guarantee safety'

      The tragic thing is, some people paying for up-to-date home security packages will think the end of XP doesn't apply to them... Not realizing that retail security software is largely impotent! (As reported here on the Reg many times)

    4. James O'Shea

      Re: Don't expect software to save you

      "It would help to ban zip files as email attachments, they are almost only used by spammers (and people who mistakenly put incompressible files in them.)"

      Oh? Really? Some of us (me, for example) get numerous ZIP files on a daily basis. It's just easier to stick all relevant files to a project into a single folder and ZIP the folder rather than attach files individually. Especially when a project might have dozens of relevant files. (I got a ZIP with 29 files included last week. And yes, all 29 had been updated, most by only minor tweaks, but still there were changes and they had to be accounted for.)

      And, oh yeah, in many cases the files in the ZIP might include a JPG or a PNG or a PDF or two... not to compress them, but to send them along with the other relevant files.

      Any attempt to ban ZIP files will be met with serious resistance.

      1. Steven Raith

        Re: Don't expect software to save you

        That serious resistance will be renaming them as stuff.abc, rather than stuff.zip, which seems to fool 90% of attachment filters I've come across (all of which are presumably blacklist powered, rather than whitelist)

        "Yar, just rename this at your end, it'll be reet".

  4. myhandler

    >>Upatre can be likened to a sherpa in the world of cybercrime, setting up a base camp for assaults by other cybercrime tools on weakly secured systems.

    Dreadful simile.

    A sherpa leads people to safety.

  5. Elmer Phud

    zip file from the bank via email?

    "The ZIP files poses as a password-protected archive containing a "secure message" from the intended victim's bank "

    I can't think why the bank would want to send me a Russian doll email - especially a zip file.

    Ah well, it's not as if I don't hover over links in emails from 'banks' anyway - it's always amusing to see the return address turning out to be one at Gmail.

  6. Anonymous Coward
    Anonymous Coward

    Xzibit believed to be behind this worrying development.

    Yo dawg, I herd you like malicious attachments, so we put a malicious attachment in... er, sod it, you can figure out the rest yourselves. :-P

    1. Steven Raith

      Re: Xzibit believed to be behind this worrying development.

      And a sausage dropped off my fork onto my shirt from snorting with laughter too hard is what I get for reading El Reg comments when eating me tea.

      Upvote APPROVED, sir.

    2. ecofeco Silver badge

      Re: Xzibit believed to be behind this worrying development.

      People still remember him?

      Have an upvote from me as well.

  7. Peter2 Silver badge

    The people who should really be answering questions are the total morons like Voltage SecureMail who send HTML attachments in their legitimate emails with a username and password box, apparently trusting that phishers would NEVER send a damned near identical email with an HTML file with a html form set to the spammers server to get the login details.

    They also contribute towards reducing security by getting users used to having to open attachments from unexpected emails, which they are otherwise highly sceptical about.

  8. All names Taken
    Paris Hilton

    Sophistication? Uh-ho

    Apparently someone earned over a million spondoolies by an email to a UK educational establishments (they used to be schools but nowadays ... )

    http://metro.co.uk/2014/04/08/school-with-worst-gcse-results-lost-1million-to-textbook-fraud-4692001/

    So long as the message appears believable it seems to work?

  9. Steven Roper

    Doesn't make any difference

    Rule 1: "No bank, government department or financial institution will ever ask you to click a link in an email or open an attachment,no matter how official it looks."

    Rule 2: "If you get an email with a link or attachment from someone you know, always phone that person first to confirm that they've sent it before opening the attachment or clicking the link."

    Rule 3: "If you get an email with a link or attachment from someone you don't know, delete it. No matter how interesting or funny or wonderful it may seem, delete it. Don't think, just do it."

    I've drilled these three simple rules into the heads of my friends and family as though they were god's own commandments. I also set them up with Firefox, Adblock and NoScript, set NS to allow scripts for the major sites like Google, Facebook, YouTube, and each person's own banks and favourite sites, and left them to it. Since then, I haven't had to disinfect any of their computers for several years. It's not rocket science. A few simple precautionary principles will protect you from even the most devious tricks.

This topic is closed for new posts.

Biting the hand that feeds IT © 1998–2022