Because general users receive various kinds of mail every day, they usually do not hesitate to download and execute files attached to e-mail.
This post introduces one such case, masquerading as an e-mail sent by DHL, an international express mail company.
2. Spreading path and symptoms of infection
As the name suggests, these malicious files spread by masquerading as a normal attached file and leading the recipient to download it in order to see the details.
You can see a “ZIP file” in the attachment area, though the hacker foolishly wrote the year as 2010,
even though this mail was sent on May 17, 2011.
According to its content, the mail was sent because of a wrong recipient address, and it tries to induce the user to download and install the attached file.
After extracting the compressed file, you can see an executable file icon, as in the following image.
Its file name is also disguised as something related to DHL: “DHL-Notification-print-copy-Delivery”.
When run, it generates a file at the following path and modifies a certain registry value.
Furthermore, it tries to access an external site, and it can download additional malicious files or perform bot functions through “explorer.exe”.
3. How to prevent
A malicious file disguised as a normal e-mail, as in this case, can be downloaded and executed easily. This kind of security threat is called social engineering, and the range of exposure is getting wider.
To use your PC safely against the security threats of these malicious applications, we recommend that general users follow the "Security management tips" below.
INCA Internet (Security Response Center / Emergency Response Team) provides diagnosis and treatment for malicious files such as the one described above, and runs a 24-hour response system against various security threats.