Even if sender and receiver of this e-mail is South Korean, sender account seems to be fraudulent account.
Since an excel file, attachment of this e-mail, contains its Excel contents, it's difficult to figure out the status of malicious for general users.
This kind of target attacking technique is trying to attack very sophisticatedly and continuously, so general users need to be careful on downloading attachment.
2. Spreading path and symptoms of infection
This malicious file is aiming at South Korean user; it is disguised as a normal e-mail and attachment. Furthermore, it has its Excel contents and can work additional malicious behavior on executed.
Following figure is the body of e-mail.
Mail body : We are attaching contacts. Thanks.
Attachment "주소록.xls(Contacts.xls)" file exploit Excel vulnerability.
If a victim tries to open that file, additional malicious file will be downloaded.
Upon executed "주소록.xls(Contacts.xls)", victim can see the normal address book contents. But it will download additional malicious file with Excel exploit.
Usually, this kind of target attack uses social engineering with containing important or related contents for making user induce easily. It will download additional "주소록.xls(Contacts.xls)" and malicious files (tasksger.exe, 6to4vcs.dll) will be installed.
3. How to prevent
Applying latest patch of its application and OS is the most important to avoid from this kind of malicious file.
To use PC safely from security threats of these malicious attachments, we recommend following "Security management tips" for general users.
INCA Internet (Security Response Center / Emergency Response Team) provides diagnosis/treatment function with “nProtect Anti-Virus/Spyware” for detecting such as malicious file stated above and runs responding system against various security threats.