Don't open that 'copyright infringement' email attachment – it's an infostealer

Organizations should be on the lookout for bogus copyright infringement emails as they might be the latest ploy by cybercriminals to steal their data. The most recent version of the Rhadamanthys infostealer malware is being spread far and wide, targeting organizations across multiple continents, as part of an ongoing phishing …

  1. Martin-73 Silver badge
    Windows

    FFS

    Don't open random attachments; this has been the rule since giants roamed the earth. And also, email is plain text; HTML is for the WWW.

    Even if I... could form a sentence for how mind-numbingly shit this is. DO NOT EVER USE AN EMAIL CLIENT THAT ALLOWS THIS SHIT.

    1. cyberdemon Silver badge
      Facepalm

      Re: FFS

      I thought for a second that even a complete numbskull would notice a .EXE and a .DLL in their .ZIP, and think it just a little bit phishy, but then I remembered that WINDOWS HIDES FILE EXTENSIONS BY DEFAULT.

      Stop doing that, borkzilla, and you would save a few numbskull paying customers.

      1. cornetman Silver badge

        Re: FFS

        > ...WINDOWS HIDES FILE EXTENSIONS BY DEFAULT.

        For the life of me, I have *never* understood the reasoning behind that. If there is no extension, how are you supposed to know what it is?

        1. Peter Gathercole Silver badge

          Re: FFS

          Windows selects an icon for the file for any extension it knows about.

          Of course, this is never any real good, as often it is too small to recognise (depending on the options you select), and also it's quite easily spoofed.

          1. cyberdemon Silver badge

            Re: FFS

            Quite easily spoofed? Trivially, because if the extension is .EXE then Windows happily reads the icon from the .EXE file itself.

            But that would be fine, so long as it was obvious that the file is an executable presenting with an "Adobe Acrobat" icon, rather than a PDF file.

            I wonder if packaging in a ZIP also gets around the "This file was downloaded from the internet, are you sure that you want to open / run it" flag (as well as bypassing any email antivirus filters, as they can't see inside the encrypted zip, even when the trivial password is provided in the email)
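The thread above touches on three things a mail gateway or analyst can check on an attachment before anyone opens it: an executable inside the archive, a double extension that Explorer's hide-extensions default turns into a fake "PDF", and an encrypted archive whose contents a filter cannot scan. The following is an added example written for this page, not code from the article, the commenters or the Rhadamanthys campaign itself. The archive it inspects is constructed in the block (file names, sizes and the hand-flipped encryption flag are all assumptions chosen to resemble the lure described); Python's zipfile cannot write password-protected entries, so the sample sets the "encrypted" general-purpose bit by hand, which is enough to reproduce what a gateway sees when listing such an archive without the password.

```python
from __future__ import annotations

import io
import struct
import zipfile

# Extensions that have no business in an unsolicited "copyright notice".
EXECUTABLE_EXTS = {".exe", ".dll", ".scr", ".com", ".pif", ".bat", ".cmd",
                   ".js", ".vbs", ".hta", ".lnk", ".msi"}
# Extensions a lure typically impersonates ("notice.pdf.exe").
DOCUMENT_EXTS = {".pdf", ".doc", ".docx", ".txt", ".jpg", ".png"}

ENCRYPTED_FLAG = 0x0001  # general-purpose bit 0: entry is password-protected
RTLO = "\u202e"          # right-to-left override, used to visually reverse "exe"


def name_findings(name: str) -> list[str]:
    """Reasons an archive member name is suspicious, judged from the name alone."""
    reasons = []
    base = name.rsplit("/", 1)[-1]
    if RTLO in base:
        reasons.append("right-to-left override character in name")
    parts = base.lower().split(".")
    exts = ["." + p for p in parts[1:]]
    if exts and exts[-1] in EXECUTABLE_EXTS:
        reasons.append(f"executable extension {exts[-1]}")
    if len(exts) >= 2 and exts[-2] in DOCUMENT_EXTS and exts[-1] in EXECUTABLE_EXTS:
        # With "hide extensions for known file types" on, this shows as a .pdf.
        reasons.append(f"double extension, shown as {exts[-2]} when extensions are hidden")
    return reasons


def triage_zip(data: bytes) -> dict[str, list[str]]:
    """Inspect an archive without extracting it.

    Member names and the encryption flag live in the (unencrypted) central
    directory, so they are readable even when the password is unknown.
    """
    findings: dict[str, list[str]] = {}
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            reasons = name_findings(info.filename)
            if info.flag_bits & ENCRYPTED_FLAG:
                reasons.append("encrypted entry, content cannot be scanned without the password")
            if reasons:
                findings[info.filename] = reasons
    return findings


def build_sample_lure(encrypted: bool = True) -> bytes:
    """Constructed sample (assumption): a ZIP holding an EXE disguised as a PDF plus a DLL."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:
        zf.writestr("Copyright_Notice.pdf.exe", b"MZ" + b"\x00" * 64)
        zf.writestr("vcruntime140.dll", b"MZ" + b"\x00" * 64)
    data = bytearray(buf.getvalue())
    if encrypted:
        # zipfile cannot write password-protected members, so flip the encrypted bit
        # in every local header (PK\x03\x04, flags at +6) and central-directory
        # header (PK\x01\x02, flags at +8). Stored "MZ\x00..." payloads cannot
        # collide with these signatures.
        for sig, off in ((b"PK\x03\x04", 6), (b"PK\x01\x02", 8)):
            pos = data.find(sig)
            while pos != -1:
                flags = struct.unpack_from("<H", data, pos + off)[0]
                struct.pack_into("<H", data, pos + off, flags | ENCRYPTED_FLAG)
                pos = data.find(sig, pos + 4)
    return bytes(data)


if __name__ == "__main__":
    for member, reasons in triage_zip(build_sample_lure()).items():
        print(member)
        for r in reasons:
            print("  -", r)
```

Because only the central directory is read, the check works on the password-protected archive the lure ships; that is the whole point of password-protecting it, so "encrypted" plus "executable" in the same archive is itself a strong signal worth quarantining on.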

        2. Anonymous Coward

          Re: FFS

          MS expects (and gets) increased dependency on its Security Suite by keeping security poor at the OS and domain level.

          The reality is that nearly 40 years after their creation, MS OSs are still DOS and CSVs at the core, and that is still their greatest weakness.

          Innovation has been replaced by making products more complex and painful to use, built on the same weak base structure.

    2. Doctor Syntax Silver badge

      Re: FFS

      You know that, I know that, the majority of elRag readers know that. But manglement and especially the marketroids think the exact opposite.

      1. Martin-73 Silver badge

        Re: FFS

        Make it THEIR job to fix the mess and they'll stop.

  2. Jamie Jones Silver badge
    Flame

    "For security leaders, it's a wake-up call to prioritize automation and AI in defense strategies to counteract these globally scaled, financially motivated phishing campaigns."

    Oh, eff off.

  3. Anonymous Coward

    Unexpected emails and phone calls, etc

    Just ignore and delete folks.

    Ignore and delete.

  4. H in The Hague

    Why OCR?

    "... is packed with AI capabilities for optical character recognition (OCR)."

    Why does an infostealer package need OCR?

    1. cyberdemon Silver badge

      Re: Why OCR?

      It probably OCRs your screen, and any image files it finds.

      A lot easier to hide its network traffic if it isn't transmitting gigabytes of data back to its masters.

  5. EricB123 Silver badge

    OCR - Now with AI!

    "packed with AI capabilities for optical character recognition (OCR)"

    So now OCR is an AI technology too? Department stores have used OCR for decades. But now OCR uses 10x the power!

    That's what I call progress!

    1. Richard 12 Silver badge

      Re: OCR - Now with AI!

      It always was "AI", just not LLM.

      1. Anonymous Coward

        Re: OCR - Now with AI!

        It was never AI. LLM is not AI.

        (If anything, LLM is AS - Artificial Stupidity)

        1. Richard 12 Silver badge

          Re: OCR - Now with AI!

          Removing the "scare quotes" radically changes the meaning.

          Adding LLMs to your OCR is a really effective way to make it utterly useless, so I'm really hoping this is just a rebranding of the neural networks OCR has used for a very long time.

  6. jezza99

    Email address displayed?

    Of course, no email client would ever hide the email address of the sender, would they? That would be inviting impersonation.

  7. dangerous race
    Devil

    Once upon a time The Register would say which OS or OSs were affected by such attacks. The mention of a dll indicates this attack is performed on the Microsoft Windows OS. There is no mention of Microsoft or Windows in the article at all, or that MacOS, Linux, BSD, etc., etc. users are safe from this particular attack. Is this lack of mention of the attacked system due to us commentards knowing that when we see dll we know it's a Windows problem? Or perhaps there's some force in the background that has editorial control of articles published in these hallowed pages? Maybe it's to do with search results? Has the Vulture had its beak taped up so it can no longer bite the hand that feeds IT - particularly if the IT getting bit is from Microsoft? Should we be told? :-)

  8. Paul Hovnanian Silver badge

    Simple solution

    "The emails are sent from different Gmail accounts every time"

    I just don't take anything from a Gmail account seriously. I've got a whole folder of Gmail from Nigerian finance ministers to go through first anyway.

    1. MachDiamond Silver badge

      Re: Simple solution

      Anything that is serious such as notice of a copyright infringement shouldn't be coming through a gmail account. Certainly not a notice from an attorney.

      When a client hands me a gmail address, they don't get the same level of service as I've learned from experience that those people are the least likely to be around for the long term. Somebody with their own domain and even the most simplistic web site gets a lot more cred. I know that my website doesn't bring in very many clients, but it does act as a flyer that shows the services I provide and samples of my work. If I handed out the same thing on paper, it would get thrown away as nobody is filing tangible handouts, catalogs, etc. I used to have a couple of cabinets of catalogs and cut sheets and have long since turned that into bookmarks, a database and spreadsheets.

      Flag number one is always an email address from a free service. This would be especially so for a copyright infringement notice. If the entity couldn't be bothered to have a proper business backend, I can ignore them as it's very unlikely they'll take the matter any further. If they do, I expect I'd be getting notice from a verifiable attorney.

      1. Anonymous Coward

        Re: Simple solution

        Somebody doesn't work with attorneys much.

        I've got clients who insist on using gmail, yahoo, and aol. They are, by most measures, good lawyers. But they don't understand why they shouldn't do that.
