I received the following mail:
"Excuse me, I got to show you this picture in attachment. I can't tell who gave it to me sorry but this chick looks a lot like your ex-gf. But who's that dude??."
Some other example mails with a similar subject and content:
RE:Check the attachment you have to react somehow to this picture
I have a question- have you seen this picture of yours in attachment?? Three facebook friends sent it to me today... why did you put it online? wouldn't it harm your job? what if parents see it? you must be way cooler than I thought about you man :)))) .
RE:You HAVE to check this photo in attachment man
Hi there,
But I really need to ask you - is it you at this picture in attachment? I can't tell you where I got this picture it doesn't actually matter... The question is is it really you???.
There are a few more but I'll stop there. In all cases, you HAVE to check the picture in attachment; how else can you be sure it's not you in an embarrassing photo ;-) ?
Attached is a file called IMG9837.dat. In fact, an executable is embedded with the exact same name:
An Adobe icon is used to trick the user
When executed, this file phones home, or calls back (the term used for malware that connects to a remote address either to receive instructions or to download additional malware), to the following IP: 18.104.22.168
Scanreport by IPvoid - http://ipvoid.com/scan/22.214.171.124
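The IMG9837.dat attachment above is an executable hiding behind a data-file extension and an Adobe icon. As an added example (not code from the original post), the following Python check flags that mismatch the way a mail gateway or attachment scanner would: it parses the DOS/PE header instead of trusting the filename. The sample input is a constructed minimal PE-style header, not the real attachment.

```python
import struct
from pathlib import PurePosixPath

# Extensions that should never carry a native Windows executable.
NON_EXECUTABLE_EXTENSIONS = {".dat", ".jpg", ".jpeg", ".png", ".gif", ".pdf", ".txt"}


def is_pe_executable(data: bytes) -> bool:
    """Return True if data starts with a DOS 'MZ' stub whose e_lfanew points at 'PE\\0\\0'."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    # e_lfanew lives at offset 0x3C and gives the offset of the PE signature.
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if e_lfanew + 4 > len(data):
        return False
    return data[e_lfanew:e_lfanew + 4] == b"PE\0\0"


def disguised_executable(filename: str, data: bytes) -> bool:
    """True when a 'harmless' extension (like .dat) actually carries a PE image."""
    ext = PurePosixPath(filename).suffix.lower()
    return ext in NON_EXECUTABLE_EXTENSIONS and is_pe_executable(data)


def build_fake_pe() -> bytes:
    """Constructed sample input: a minimal MZ/PE header, not a runnable program."""
    header = bytearray(0x80)
    header[:2] = b"MZ"
    struct.pack_into("<I", header, 0x3C, 0x40)  # e_lfanew -> 0x40
    header[0x40:0x44] = b"PE\0\0"
    return bytes(header)


if __name__ == "__main__":
    # Constructed JPEG-like bytes for comparison (SOI marker followed by padding).
    jpeg_like = b"\xff\xd8\xff\xe0" + b"\0" * 100
    print(disguised_executable("IMG9837.dat", build_fake_pe()))  # True: flag it
    print(disguised_executable("IMG9837.dat", jpeg_like))        # False: real image data
```

The same check applies to any attachment: an "MZ" stub under a .jpg or .pdf name is the signal, whatever icon the file shows in Explorer.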
In this case, the malware downloads an additional executable called fas.exe. Let's review some more information about both files:
In this case, fas.exe will load one of the known fake Defragger rogues, for example:
System Defragmenter. This rogueware also hides your Desktop and Start Menu.
- Be wary when receiving such emails, even if it's from someone you know.
- Don't open attachments from unknown senders - ever.
If the harm is already done and you are getting warnings, messages or pop-ups stating you are infected and that you need to take 'immediate action' to clean your computer, follow the guide below from BleepingComputer to rid yourself of this malware:
BleepingComputer's Virus Removal
Pretty simple. Never open any emails from unknown senders, and certainly not attachments.
Keep your Antivirus and Operating System up-to-date, as well as your applications (for example Adobe and Java)!
Follow the steps above should you have been hit by this spam campaign/rogueware.